IDS mailing list archives
RE: Network IDS
From: Steffen Kluge <kluge () fujitsu com au>
Date: Fri, 22 Aug 2003 12:04:20 +1000
On Wed, 2003-08-20 at 05:52, Robert.Lupo () nokia com wrote:
> I have seen time and time again people buying a product, getting vendor training and then viewing the logs and thinking "wo ho! I have IDS!" but do you know how to write your own rules, signatures, analyze the traffic for what your company needs?
If they don't, then that "woohoo!" will quickly turn into a "curse that wretched IDS!". The system will swamp them with logs, the sheer amount of which will make it near impossible to spot the interesting bits among the noise. In the end they will concede that the whole IDS idea was an expensive flop. I believe this is part of the sentiment the Gartner article reflects.

Of course, commercial NIDS vendors have only themselves to blame for this backlash. While they were busy grabbing a slice of the market the new IDS buzzword created, they neglected (or forgot, or avoided) to tell customers that IDS is a tool that's only useful in skilled hands.

Cheers
Steffen.