IDS mailing list archives
RE: IDS vs. IPS deployment feedback
From: "Basgen, Brian" <bbasgen () pima edu>
Date: Thu, 6 Apr 2006 10:44:24 -0700
I'm new to the list, but this flame war is a bit odd. This is an IDS list, yet the usefulness of IDS is being dismissed? This debate could generate some interesting data. In snort, for example, there are around 5,759 rules (3/31/2006, non-subscription rule base). I don't have the metrics on hand of how many rules commercial IPS's deploy on by default (and how many total can be turned on), but I'd guess it is around 500. I'd be interested to know those numbers, if someone has them. A vendor comparison of rules could also be interesting. What I draw from this ratio is that some 90% of attacks can get through an IPS solution. That doesn't invalidate the IPS anymore than the IPS invalidates a firewall, but it does indicate to me that IDS plays an essential role. ~~~~~~~~~~~~~~~~~~ Brian Basgen IT Security Architect Pima Community College
Attachment:
smime.p7s
Description:
Current thread:
- RE: IDS vs. IPS deployment feedback Devdas Bhagat (Apr 03)
- <Possible follow-ups>
- Re: IDS vs. IPS deployment feedback Will Metcalf (Apr 05)
- Re: IDS vs. IPS deployment feedback Jean-Philippe Luiggi (Apr 10)
- RE: IDS vs. IPS deployment feedback Andrew Plato (Apr 06)
- Re: IDS vs. IPS deployment feedback Will Metcalf (Apr 06)
- Re: IDS vs. IPS deployment feedback Stefano Zanero (Apr 15)
- RE: IDS vs. IPS deployment feedback Basgen, Brian (Apr 07)
- RE: IDS vs. IPS deployment feedback Andrew Plato (Apr 10)
- RE: IDS vs. IPS deployment feedback Alan Shimel (Apr 10)
- Re: IDS vs. IPS deployment feedback Eric Hines (Apr 13)
- RE: IDS vs. IPS deployment feedback Alan Shimel (Apr 10)
- RE: IDS vs. IPS deployment feedback Andrew Plato (Apr 10)
- Re: IDS vs. IPS deployment feedback Richard Bejtlich (Apr 10)
- Re: IDS vs. IPS deployment feedback Paul Schmehl (Apr 11)
- Re: IDS vs. IPS deployment feedback Aaron (Apr 15)
- Re: IDS vs. IPS deployment feedback Stefano Zanero (Apr 17)
- Re: IDS vs. IPS deployment feedback Thomas Choi (Apr 18)
- Re: IDS vs. IPS deployment feedback Aaron (Apr 18)