Firewall Wizards mailing list archives
RE: IPS (was: Sources for Extranet Designs?)
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Sun, 07 Mar 2004 18:31:10 -0500
I wrote (in response to Stiennon)
And since we've got you here.... Can you explain how these "signatures" and "protocol anomaly" detectors and "behavior and flow capabilities" are going to NOT suffer all the problems with false positives that caused Gartner to announce that IDS was a failure?
Well, it's been a couple weeks since I posted that, and obviously the Gartner faction has crawled back under its rock and isn't going to pick up the glove. :( :( But, are we surprised...? That's the problem with these 'Industry analyst' types. Pinning them down is nearly impossible, because when they find themselves in an arena where the clue level is too high for them to peddle their bull-p00, they scurry off to someplace safe. They're like cockroaches - shine the harsh light of reason on them, and they've suddenly got an important meeting to attend someplace else. With some non-technical suit who won't call them on the obvious contradictions in their ex cathedra pronouncements. Of course the reason Stiennon didn't try to answer my question is because there *ISN'T* an answer. Gartner hyped the hell out of "Intrusion Prevention" because they were *paid* to do so. I find it extremely ironic that they hyped one "concept" technology by claiming that it's very underpinnings didn't work and were the "pet rock of computer security." I think that makes Gartner the "horse's buttocks" of analyst firms. mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: IPS (was: Sources for Extranet Designs?) Chris Blask (Mar 01)
- <Possible follow-ups>
- RE: IPS (was: Sources for Extranet Designs?) Marcus J. Ranum (Mar 07)