Firewall Wizards mailing list archives

Re: Intrusion Detection Systems, Best of breed?


From: "Robin S. Socha" <robin-dated-1009660818.ae9a65 () socha net>
Date: Wed, 26 Dec 2001 16:29:10 -0500

begin  franks.exe  <franks () nfr com> writes:

You know that the semantics of the discussion is missing an important
factor, a REAL life problem that mid-sized to large organizations have
to deal with: SIZE/SCALE. It's great to picture the common
IDS/NIDS/Honeypot for a few choke points.

It's not great, it's the standard, "franks".

But what happens when you have to deal with +1000 servers, and many
VPN/DMZ/Internet connections?

Then it's time to learn your network basics.

How do you analyze the data and make sense of tens of thousands of
alerts, let alone false positives?

You don't. Not at once. You break them down into what you would possibly
call "sizable chunks" aka subnets and deal with them.

Reality is that most companies will place IDS/HIDS/Honeypots on high
profile segments and hope to net some bad guys, this produces great
pie charts that a manager can appreciate. 

Are those the categories you're thinking in? Then may heaven forbid that
I'll ever be a user on one of your systems.

What is becoming the most important in the Best of breed line up
is scale. Who can scale, and how easy is it to scale?  Next, who can
upgrade when upgrades of all sensors are required? Also let's throw
quickly and efficiently into the deployment too.

You are confused, "franks". Very, very confused. And do not Cc:
me. Ever. I'm on this list.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

