IDS mailing list archives
Re: Wishlist for IPS Products - HYBRID IPS
From: "Andy Cuff" <lists () securitywizardry com>
Date: Sun, 12 Sep 2004 11:12:47 +0100
Hey Jack,

Great wish list, and some of the vendors are moving towards much of this functionality. However, presently I see a divide in the technology: firstly, rate-based products, which have been termed Attack Mitigation Systems, and secondly, content-based products, termed Intrusion Prevention Systems. As I mentioned earlier, many of the products focus on one or the other side of the divide, but increasingly offer both types of analysis in a hybrid fashion. Looking at your wishlist, it appears you are aiming at the Hybrid IPS market. I have attempted to divide the 2 camps below.

AMS http://securitywizardry.com/idsdosmit.htm
Network IPS http://securitywizardry.com/inline.htm

But I haven't looked at breaking out the various Hybrid IPS; if anyone wishes to take this on I will create the page, though with a 5 hour daily commute I have very little time for online researching of the products (hence I've been quiet for the last few weeks).

-andy cuff
Talisker's Computer Security Portal
Computer Network Defence Ltd
http://www.securitywizardry.com

----- Original Message -----
From: "PS R" <secureyourself () gmail com>
To: <focus-ids () securityfocus com>
Sent: Friday, September 10, 2004 3:18 PM
Subject: Wishlist for IPS Products
I have seen a lot of discussion about the differences between IDS, IPS, and firewalls and the potential for convergence, but I do not recall a discussion on the primary features that an IPS should have out of the box. I am thinking of:

- Flow Control - limitations on flooding, unused connections, etc...
- Robust, ACCURATE signature base
- Packet capture - no debate on how much before, as that has been covered
- Pre-deployment network analysis tools to accelerate deployment
- Anomaly detection
- Alert export compatibility with 3rd party event management solutions

It seems like discussions of this type can only serve to improve the products on the market (or coming to the market), since we know at least some of the vendors are monitoring this list.

Jack