RE: IDS vs. IPS deployment feedback

["Andrew Plato" <andrew.plato () anitian com>]

> I'm not saying that an IPS does not have value, I'm saying 
> it should be part of an overall security strategy, not your 
> end all solution for detecting and preventing intrusions, 
> as  the view that it gives even the most novice analyst is 
> far too narrow.

Okay Will, here we agree. An IPS must be part of a larger security
strategy. It cannot stand alone. I completely agree with that.

However, I maintain my position that most businesses lack the analytical
capabilities to deploy resource intensive technologies (like SNORT).
Hence, commercial IPS that can filter off a set of known vulnerabilities
reduces the overall workload and offers a layer of protection. Also, the
majority of attacks in the wild are well-known and easily detected and
blocked. 

_____________________________________
Andrew Plato, CISSP, CISM
President/Principal Consultant
ANITIAN ENTERPRISE SECURITY

Your Expert Partner for Security & Networking

3800 SW Cedar Hills Blvd, Suite 280
Beaverton, OR 97005
503-644-5656 Office
503-214-8069 Fax
503-201-0821 Mobile
www.anitian.com
_____________________________________

GPG public key available at: http://www.anitian.com/corp/keys.htm 
_________________________________________________
NOTICE:
This email may contain confidential information, 
and is for the sole use of the intended recipient.  
If you are not the intended recipient, please reply 
to the message and inform the sender of the error 
and delete the email and any attachments from 
your computer. 
_________________________________________________


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------