IDS mailing list archives
Re: Recent anti-NIDS Gartner article
From: nyec <nyec () pacbell net>
Date: Tue, 17 Jun 2003 09:45:10 -0700
On Saturday 14 June 2003 8:04 pm, Ron Gula wrote:
Gartner has the basic point right, that NIDS are time-consuming and don't automatically stop attacks, but their facts and conclusions are all wrong.

- Most large organizations don't even look at their firewall logs
- if NIDS have failed us, then Gartner should have lumped in the ESM/SIM guys which are primarily NIDS correlation tools
- the article will cause NIDS vendors to quickly rename their products as 'NIPS' or 'Defensive' systems which will confuse the less sophisticated buying public

Bottom line: I think the article will have an acceleration on the demise of the CSO role and the idea of a separated 'security' staff. Firewalls used to be run by the security guys, now it is the network engineering folks. Virus was run by security as well until it went to IT. Now if the FW guys can do something close to IDS, why have an expensive group of security analysts around.

Ron Gula, CTO
Tenable Network Security

I think this has to do more with the economy than with functionality of IDS or NIDS. As a security contractor, I hear many organizations say, "We need a security staff. We want a security. We just can't afford a security staff". So, the MCSE desktop support group is given the role of manually monitoring *all* log files. Which, 99% of the time, never happens. So management never hears about any malicious activity. To management, this equates to, "We must be secure, nobody has hacked us. Those MCSE guys really know their security".