IDS mailing list archives
Can Of Worms - Attack Mitigation Systems vs. Network IPS
From: "Andy Cuff" <lists () securitywizardry com>
Date: Thu, 29 Jan 2004 17:13:47 -0000
Hi Folks,

Please pardon the above pun but this is another of those IDS terminology issues that I'd like to thrash out to understand what the members of this list think.

Intrusion Prevention Systems are certainly the current flavor of the month, Gartner's death of IDS has added to the marketing fervor for vendors to have an IPS in their stable of products. But what products fit into the category? There seems to be an ever increasing number of DOS/Attack Mitigation Systems that are labelling themselves as IPS, therefore after some offlist consultation I'd like to see what list members feel about this statement that was passed to me by a kind-hearted individual last week:

The main definition between NIPS and Mitigators would be Mitigators are designed to do one specific job - detect and mitigate against DOS/DDOS attacks and bilateral effects of worm activity. NIPS are designed to detect malicious traffic and drop the packet/stream. NIPS are not always necessarily good at mitigating DOS/DDOS attacks. Mitigators generally do not have the signature coverage to provide good NIPS functionality. NIPS are like IDS but in-line. Mitigators are like firewalls but designed to detect and prevent DOS attacks rather than enforce policy.

I have moved many of the attack mitigators from my list of IPS at http://www.securitywizardry.com/inline.htm to a new Attack Mitigation System page at http://www.securitywizardry.com/idsdosmit.htm of which I currently have 12 products listed.

Thanks for any time you can devote to this cause.

take care
-andy
Talisker Security Tools Directory
http://www.securitywizardry.com