IDS mailing list archives
RE: Recent Gartner IDS/IPS report
From: Avi Chesla <avic () V-Secure com>
Date: Thu, 19 Jun 2003 10:06:35 +0200
Hi, I agree with Gartner's statement, that the next generation of security products will integrate automatic prevention capabilities into their systems. This is already happening (IPS - Intrusion Prevention Systems) and my opinion is that this reflects the market's needs currently and in the future. Why is that? The increasing value of the Internet have raised the demands for faster security solutions and, most importantly, automatic active devices that can provide proper countermeasures to the attacks. Due to the speed and frequency of attack methods, these devices must also be able to execute defensive actions without human intervention in minimum time. The majority of Internet connected organizations do not have the necessary time or resources to properly analyze security reports, implement necessary countermeasures and execute them. If the organization's Internet infrastructure and applications aren't easily accessible or are difficult to use, the customers who expect to get fast and reliable online services will simply find another available service (usually from a competing organization). Human decisions and actions take time and, in a world dominated by fast hardware and communication lines, some of the decisions and countermeasures will have to be done automatically by the security devices in order to avoid losing customers. It is not clear however, what Gartner means by saying that firewalls (with more security functionalities - network and applications protections) will replace the IDS products. Intrusion analysis is an entirely different technology than the technology which is associated with current firewalls products. Integrating both technologies in the same product is possible and it seems that this is what Gartner was intending to explain, unsuccessfully. Although it might upset some vendors, if automatic prevention is what the market wants, it is a fact that the current IDS products which are associated with an excessive amount of false positives, will not be able to provide. Avi Chesla ------------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com -------------------------------------------------------------------------------
Current thread:
- Recent Gartner IDS/IPS report Gary Golomb (Jun 18)
- Re: Recent Gartner IDS/IPS report Stephen Samuel (Jun 18)
- Re: Recent Gartner IDS/IPS report Andreas Hess (Jun 22)
- Re: Recent Gartner IDS/IPS report Jeff Nathan (Jun 22)
- <Possible follow-ups>
- RE: Recent Gartner IDS/IPS report Carey, Steve T GARRISON (Jun 18)
- RE: Recent Gartner IDS/IPS report oherrera (Jun 19)
- RE: Recent Gartner IDS/IPS report Avi Chesla (Jun 19)
- RE: Recent Gartner IDS/IPS report Andre Yee (Jun 22)
- RE: Recent Gartner IDS/IPS report Golomb, Gary (Jun 22)