IDS mailing list archives
Re: IDS thoughts
From: "Andrew Plato" <aplato () anitian com>
Date: Mon, 19 May 2003 18:16:53 -0700
There's really not a whole lot else to be done in the IDS market except product improvements (code refinement,etc), signature maintenance, and keeping up with data rates. Oh, and press releases. So for the IDS consumer, which the majority of us on this list are, all
that
really matters is what has always mattered. Feature sets, GUI's, unit
cost,
usability/manageability, forensics, maintainability, a product's
ability to
integrate with third-party tools, low false-positive and false-negative rates,
etc.
Little of what the vendor reps had to say about PSD had anything to do with that. If you go back and look at the posts by any vendor rep over the last year or two, it'll be the rare one that addresses a customer's standard issue set. So when you vendor guys start talking objectively about things IDS consumers like me really care about, I'll listen. I won't be holding my breath waiting. In the meantime, save your thinly veiled digs at each other for your marketeers.
I disagree. If you really get under the covers of many of the popular IDSs on the market, you quickly realize, they are not all the same. Sure, all of them might SAY they detect a PSD, but that doesn't mean they will do it correctly or consistently. I won't point fingers or play favorites, but some IDSs are mostly fluff and BS. They sell because they have a big named attached to them and pushy sales people. I think the IDS space has a long way to go and there is a lot to do in the market. For example, we're just now seeing the acceptance of IPS technologies. And IDSs are getting better and more capable at filtering through the garbage and finding the gems (or turds, depending on how you look at it.) There's innovation there. However, I would agree that some basic stuff, like GUIs and my personal pet peeve - documentation - are still very much in the crappy column. I think one problem is that a lot of vendors suffer from poorly conceived sales strategies. The people who formulate sales strategies are dorks in suits sitting in big offices, with little customer contact. They have never once in their life had to actually install or manage an IDS, so they aren't aware of what really affects customers. These guys dream up strategies based on what they read on billboards and the back of milk cartons. They then push those strategies on sales people and channel managers who must religiously bark the company dogma to every person they meet. The result is a pitch that's more about propaganda than honest capability. If you want to really know about an IDS, talk to the people who install and manage them and not to sales people and vendor reps. Naturally, I encourage people to work with smaller, consulting-oriented resellers (like me!) who can offer honest advice on a number of different products. A good reseller skips over the sales pitch and talks about the realities of installing and using an IDS. As such, you will get insight into those issues you mentioned. ___________________________________ Andrew Plato, CISSP President / Principal Consultant Anitian Corporation Enterprise Security & Infrastructure Solutions 503-644-5656 Office 503-644-8574 Fax 503-201-0821 Mobile www.anitian.com ___________________________________ ------------------------------------------------------------------------------- INTRUSION PREVENTION: READY FOR PRIME TIME? IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities - including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention. Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids2 -------------------------------------------------------------------------------
Current thread:
- Re: IDS thoughts, (continued)
- Re: IDS thoughts Mike Frantzen (May 20)
- Re: IDS thoughts Thomas H . Ptacek (May 20)
- Re: IDS thoughts Ramani Yellapragada (May 20)
- Re: IDS thoughts Lance Spitzner (May 21)
- Re: IDS thoughts Stefano Zanero (May 27)
- Re: IDS thoughts Bill Royds (May 21)
- Re: IDS thoughts Roger A. Grimes (May 21)
- Re: IDS thoughts Raistlin (May 27)
- Random IDS Thoughts [WAS: Re: IDS thoughts] Greg Shipley (May 29)
- Message not available
- Re: Random IDS Thoughts [WAS: Re: IDS thoughts] SecurIT Informatique Inc. (May 30)