RE: IPS (was: Sources for Extranet Designs?)

["Marcus J. Ranum" <mjr () ranum com>]

I wrote (in response to Stiennon)
> And since we've got you here....
>
> Can you explain how these "signatures" and "protocol anomaly" detectors
> and "behavior and flow capabilities" are going to NOT suffer all the problems
> with false positives that caused Gartner to announce that IDS was a
> failure?

Well, it's been a couple weeks since I posted that, and obviously the
Gartner faction has crawled back under its rock and isn't going to pick
up the glove.  :(   :(   But, are we surprised...?

That's the problem with these 'Industry analyst' types. Pinning them down
is nearly impossible, because when they find themselves in an arena
where the clue level is too high for them to peddle their bull-p00, they
scurry off to someplace safe. They're like cockroaches - shine the harsh
light of reason on them, and they've suddenly got an important meeting
to attend someplace else. With some non-technical suit who won't
call them on the obvious contradictions in their ex cathedra
pronouncements.

Of course the reason Stiennon didn't try to answer my question
is because there *ISN'T* an answer. Gartner hyped the hell out
of "Intrusion Prevention" because they were *paid* to do so. I find
it extremely ironic that they hyped one "concept" technology by
claiming that it's very underpinnings didn't work and were the
"pet rock of computer security."

I think that makes Gartner the "horse's buttocks" of analyst firms.

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards