Sometimes I think reading these "Crystal Ball" reports is like listening to statistics .... The writer can make it mean anything they want to. Yes, of course IDS systems are going to fade out ... at least as far as being the sole method of protection beyond the firewall. Protection-in-depth (despite its buzz-word status) is now ... and most likely will continue to be ... the best way to provide the layered approach that is necessary to protecting our users.

There have already been several other replies to Aji's question and they all agree that a merging of Firewalls and IDS/IPS will be the wave of the future. Though I am of the same thought - someone is going to have to do a LOT of convincing for me to believe it will be done by 2005. ISS's SiteProtector system with the Fusion Module, Security Scanner, and Host IDS products comes as close as any to eliminating the bulk of the false positives and I STILL would NEVER think of letting the final analysis automatically send blocking commands to my firewall. There are still too many "false positives" that occur. I cannot even imagine the immense amount of labor it will take to incorporate and "tune" these all-in-wunders on a large complex business network.

I think many would agree that past the hacks that involve taking advantage of well-known vulnerabilities - the worst danger consists of user-installed backdoors and trojans. Whether via ignorance because they just didn't know better, foolishness because they were aware of good policy but chose to ignore it, or downright insider hacking... the worst security problems still occur due to a breach from the inside of the network. Until a product can be spread right down to the desktop at a reasonable cost this will continue to be a nightmare: Nobody is there yet.

Opening a can of worms ... P2P applications are the foulest of the growing risks. The vendors of these applications are complaining that we are blaming too many of our problems on their products ... They're right, we are - because it's true! As long as these programmers continue to write code INTENDED to subvert our firewalls I will continue to wage battle to block and make it as difficult to use these apps as is humanly possible.

End of Spiel.

Henry P. Schupp

A comment on "false positives". My interpretation and that of any IDS vendor must BY NATURE differ. To them as long as an IIS signature saw the "../.." pattern and triggered - it was therefore a "true positive": regardless of whether the target was an IIS server, an Apache Server, a Mac IPOD, or a user's desktop. The IDS saw the "../.." pattern so it triggered ... "true" ... right? My analysis has to take the other factors into consideration. So if in any of my correspondence I label something as a "False Positive" that a vendor would want to say "Wait just a cotton-pickin' minute!" in order to correct my thinking ... Please know that I do UNDERSTAND their definition - I just don't agree with it all (most) of the time.

hps

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Aji Abraham
Sent: Tuesday, June 17, 2003 8:21 AM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Gartner declares IDS obsolete by 2005

Hello,

I would like to have ISS Forum members' comment on this.

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci905961,00.html

Best Regards
Aji Abraham

_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
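
The distinction drawn in the reply's note on "false positives" (a signature matching a pattern versus the target actually being the kind of system the signature is about), as an added example that is not part of the original messages: a triage sketch that labels each alert by checking its target against an asset inventory and leaves any blocking decision to the analyst. The alert fields, inventory contents, addresses and verdict labels are all constructed assumptions.

```python
# Added illustration: contextual triage of IDS alerts against an asset inventory.
# Alert fields, inventory contents and verdict labels are constructed assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    signature: str    # signature name as reported by the sensor
    applies_to: str   # server software the signature was written for
    dst_ip: str
    dst_port: int


# Constructed inventory: what is known to listen on each host (e.g. from a scanner).
INVENTORY = {
    "10.0.0.10": {80: "iis"},
    "10.0.0.20": {80: "apache"},
    "10.0.0.30": {},  # user desktop, no web service
}

# Constructed alerts: the same traversal signature fired against four targets.
# By the sensor's definition every one of them is a "true positive".
SAMPLE_ALERTS = [
    Alert("http-dot-dot-traversal", "iis", "10.0.0.10", 80),
    Alert("http-dot-dot-traversal", "iis", "10.0.0.20", 80),
    Alert("http-dot-dot-traversal", "iis", "10.0.0.30", 80),
    Alert("http-dot-dot-traversal", "iis", "10.0.0.99", 80),
]


def triage(alert, inventory=INVENTORY):
    """Return an analyst-facing verdict; this never issues a blocking command."""
    host = inventory.get(alert.dst_ip)
    if host is None:
        return "unknown-asset"    # not inventoried: needs a human look
    service = host.get(alert.dst_port)
    if service is None:
        return "no-listener"      # pattern seen, nothing there to receive it
    if service != alert.applies_to:
        return "not-applicable"   # pattern seen, target runs other software
    return "relevant"             # target matches what the signature covers


def summarize(alerts, inventory=INVENTORY):
    """Count verdicts so the analyst sees how many alerts carry real context."""
    counts = {}
    for alert in alerts:
        verdict = triage(alert, inventory)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts
```
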
