IDS mailing list archives
Re: IDS is dead, etc
From: Lance Spitzner <lance () honeynet org>
Date: Thu, 19 Jun 2003 22:54:44 -0500 (CDT)
On 19 Jun 2003, Martin Roesch wrote:
Boiling the Gartner report down, here are my take aways:

1) IDSes produce too many false positives (i.e. the quality of the information they produce is low)
2) IDSes produce too much data (i.e. the quantity of information they produce is high)
3) There is no solution to these problems, therefore IDS is dead and we should all buy in-line IPS, er, "deep content inspection firewalls"!

So, is there any way to make the quality of data coming out of the IDS higher while at the same time diminishing the amount of information generated?

This is where I think honeypots represent such an exciting opportunity by working with existing detection solutions. Honeypots dramatically reduce the amount of data and false positives an organization collects. Honeypots have the added bonus of working in both IPv6 and encrypted environments. By correlating these capabilities with current IDS technologies, we can help address these issues.

Honeypots: Simple, Effective Detection
http://www.securityfocus.com/infocus/1690

lance