Dailydave mailing list archives

Re: lots of monkeys staring at a screen....security?


From: Dave Aitel <dave () immunityinc com>
Date: Fri, 27 Oct 2006 10:30:24 -0400

Making IDS part of a defense in depth strategy is giving it some
credit for actually providing defense, which it doesn't do. The people
who win the IDS game are the people who spend the least money on it.
This is why security outsourcing makes money - it's just as worthless
as maintaining the IDS yourself, but it costs less. Likewise, Snort is
a great IDS solution because it does nothing but it does it cheaper.

The technology curve is towards complex, encrypted, asynchronous
protocols. The further into time you look, the worse the chances are
that sniffing traffic is an answer to anything.

The market is slowly realizing this technology's time has passed, but in
the meantime lots of people are making giant bus-loads of cash. Good
for them. But IDS technology isn't relevant to a security discussion
in this day and age and it's not going to be anytime soon.

imho,
-dave

Kevin Johnson wrote:
On Oct 26, 2006, at 8:09 AM, Dave Aitel wrote:
My feeling is that IDS is 1980's technology and doesn't work
anymore. This makes Sourcefire and Counterpane valuable because
they let people fill the checkbox at the lowest possible cost,
but if it's free for all IBM customers to throw an IDS in the mix
then the price of that checkbox is going to get driven down as
well.


I think that you are throwing away a technology because of the fact
it doesn't live up to the hype the sales monkeys have spewed.
While I will agree that IDS' are not the end all be all, they do
provide a very important layer within the defense in depth
strategy.  Yes you can evade them, and yes most companies want to
just plug them in and forget about them, but that doesn't make the
idea wrong.

I am a little biased, <grin>
Kevin
---------------------
GCIA, GCIH
BASE Project Lead
http://base.secureideas.net
The next step in IDS analysis!





----------------------------------------------------------------------


_______________________________________________ Dailydave mailing
list Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

