IDS mailing list archives

RE: Changes in IDS Companies?

From: Brian Brotschi <brian.brotschi () sygate com>
Date: Wed, 16 Oct 2002 18:40:55 -0700

Hello All;
vendor disclosure = I am employed by Sygate Technologies
My observations of this topic over the past few years have lead me to
believe that IDS is best used as a enabling technology which when properly
implemented can lead to host systems which are more secure then without IDS.
The whole premise of inspecting all traffic which is observed by either a
network sensors or host based sensors has many inefficiencies, namely the
amount of data which needs to be inspected to ferret out of the bad from the
good and then reporting it over long periods of time to quantify the actual
risk.
A very real analogy can be drawn between how protocol analysis was
originally used and then morphed into making IDS more efficient, the same
analogy should be applied to IDS technologies, and how they can be used to
make systems more secure.
The approach which Sygate has taken is to apply IDS to traffic destined
within a host to specific executable programs, thereby significantly
reducing the rate of false positives.  This I feel is the first step in the
right direction.  The subject of this message focuses on "changes in IDS
companies", perhaps a more compelling subject would be "how best to apply
IDS generated information to real world security threats & vulnerabilities"
and what companies are best positioned to execute on this goal.
Brian M Brotschi
Sygate Technologies, Inc.
Director of Security Solutions
Business: 510-742-2642
Fax: 208-723-1666
Cell: 408-489-4157
Email:brian.brotschi () sygate com
http://www.sygate.com
Yahoo ID = brian_brotschi
mobile=bbrotschi () vtext com
--------------------------------------------
The information transmitted is intended only for the person  to which it is
addressed and may contain confidential and/or privileged material.  Any
review, retransmission, dissemination or other use of, or taking of any
action in reliance upon, this information by persons or entities other than
the intended recipient is prohibited.   If you received this in error,
please contact the sender and delete the material from any computer.


-----Original Message-----
From: J. Foobar [mailto:jfoobar1 () yahoo com]
Sent: Tuesday, October 15, 2002 11:10 PM
To: Avi Chesla; focus-ids () securityfocus com
Cc: 'Samuel Cure'
Subject: RE: Changes in IDS Companies?


I remember reading an article on SF a year or more ago
entitled "The Future of IDS" or something to that
effect, wherein the author predicted the demise of
separate NIDS and HIDS to be replaced with reactive
all-encompassing systems relying on a few carefully
placed network monitors and aggressively reactive
host-based systems.

Was he right?

--- Avi Chesla <avic () V-Secure com> wrote:

I totally agree with you. Next generation IDS  ,also
being called Intrusion
Prevention Systems or Perimeter Security devices are
the next step in the
evolution of the Traditional Intrusion Detection
Systems. Vendors such as
Intruvert, Tipping point ,  Vsecure Technologies ,
Lancope, Forescout ,
TopLayer (Mitigator) etc, are example of some.
All these vendors claim to have an Intrusion
Prevention Systems which
usually has some kinds of Adaptive capabilities,
they do behavioral and
protocol analysis and do not based on attack
signature (most of them) , they
sit in-line (most of them), they mitigate attack
without be depended in
other products to do the blocking...

Best Regards,

Avi Chesla
Director of Research
Vsecure Technoliges, Inc.
www.v-secure.com

-----Original Message-----
From: Samuel Cure [mailto:scure () netpierce net] 
Sent: Monday, October 14, 2002 10:54 PM
To: focus-ids () securityfocus com
Subject: Changes in IDS Companies?


Just noticing some changes with some known IDS
companies and wanted some
feedback from the community. Because Marcus Ranum
left NFR earlier this year
and Ron Gula has left Enterasys Networks, I am
questioning the future of
some early-on IDS companies. I mentioned some time
ago that the IDS market
will eventually consolidate and it seems like things
are moving in that
direction.


To further enforce my point, word on the street is
TippingPoint is now
seeking for someone to buy them out. Does anyone
else have anything that
could help validate this or these types of trends in
IDS companies?



Thanks in advance!

-------------------
Samuel J. Cure
Security Specialist
NetPierce Security Services
www.netpierce.net
-------------------



__________________________________________________
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com

Current thread:

Re: Changes in IDS Companies?, (continued)
- - - Re: Changes in IDS Companies? roy lo (Oct 16)
    - RE: Changes in IDS Companies? Oliver Petruzel (Oct 17)
    - RE: Changes in IDS Companies? Mike Shaw (Oct 18)
    - Re: Changes in IDS Companies? Frank Knobbe (Oct 18)
    - Re: Changes in IDS Companies? Raistlin (Oct 31)
    - Re: Changes in IDS Companies? Scott Wimer (Oct 31)
- RE: Changes in IDS Companies? Alan Shimel (Oct 16)
- RE: Changes in IDS Companies? Avi Chesla (Oct 16)
- RE: Changes in IDS Companies? Alan Shimel (Oct 16)
  - Re: Changes in IDS Companies? Martin Roesch (Oct 16)
- RE: Changes in IDS Companies? Brian Brotschi (Oct 16)
- RE: Changes in IDS Companies? Ralph Los (Oct 17)
- Re: Changes in IDS Companies? Jason Falciola (Oct 17)
- Re: Changes in IDS Companies? Eye Dius (Oct 17)
  - Re: Changes in IDS Companies? Clint Byrum (Oct 17)
    - Re: Changes in IDS Companies? Stephane Nasdrovisky (Oct 18)
    - Re: Changes in IDS Companies? scottw (Oct 18)
- RE: Changes in IDS Companies? tcleary2 (Oct 17)
- FW: Changes in IDS Companies? Avi Chesla (Oct 22)
- Re: Changes in IDS Companies? Proxy Administrator (Oct 25)
  - Re: Changes in IDS Companies? Aaron Turner (Oct 25)

(Thread continues...)