IDS mailing list archives
Re: Changes in IDS Companies?
From: Martin Roesch <roesch () sourcefire com>
Date: Wed, 30 Oct 2002 21:24:03 -0500
On Tuesday, October 29, 2002, at 12:07 PM, Kevin Jones wrote: [much snipped]
However, I agree that once the technical hurdles are overcome (& they will be), NIPS will begin to displace NIDS...But then encryption will pose an increasing problem. For that reason, HIPS will become more necessary, but also firewall/IDS/VPN systems will make sense as key checkpoints (literally) in the network...thus the move by Check Point & Netscreen. Firewall & IDS (& AV too) vendors ally/acquire partners on the other side, and those that don't will be left out. Thus, the changes in IDS companies as referenced in the original message in this thread.
Actually, I think if the promise of NIPS is realized, if it replaces anything it will replace *firewalls*, not NIDS. The monitoring need is not removed by NIPS, the stateful packet filtering/access control need is. To recap my view on this one, if your NIPS fails (false negative/fail open) you're going to need an IDS to let you know what's going on. Additionally, there's going to be a need to monitor traffic that doesn't pass through the gateway (internal <-> internal traffic) that isn't going to go away.
Why do you think the firewall companies are moving on this so fast (c.f. Netscreen/CheckPoint).
-Marty
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org