In my experience, this is marketing hype. Nobody is running "their default recommended settings" and only 10-20 signatures (if any) are run in prevention mode.
It'd be interesting to hear some of the experiences people had deploying IPS. For us it's a short story. We got a high profile brand system, ran it for a while in "learning"/detection only mode and then decided to keep running it like that for now :) Raj ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
