Can Of Worms - Attack Mitigation Systems vs. Network IPS

["Andy Cuff" <lists () securitywizardry com>]

Hi Folks,
Please pardon the above pun but this is another of those IDS terminology
issues that I'd like to thrash out to understand what the members of this
list think.

Intrusion Prevention Systems are certainly the current flavor of the month,
Gartner's death of IDS has added to the marketing fervor for vendors to have
an IPS in their stable of products.  But what products fit into the
category?  There seems to be an ever increasing number of DOS/Attack
Mitigation Systems that are labelling themselves as IPS, therefore after
some offlist consultation I'd like to see what list members feel about this
statement that was passed to me by a kind-hearted individual last week

The main definition between NIPS and Mitigators would be Mitigators are
designed to do one specific job - detect and mitigate against DOS/DDOS
attacks and bilateral effects of worm activity. NIPS are designed to detect
malicious traffic and drop the packet/stream. NIPS are not always
necessarily good at mitigating DOS/DDOS attacks. Mitigators generally do not
have the signature coverage to provide good NIPS functionality. NIPS are
like IDS but in-line. Mitigators are like firewalls but designed to detect
and prevent DOS attacks rather than enforce policy.

I have moved many of the attack mitigators from my list of IPS at
http://www.securitywizardry.com/inline.htm to a new Attack Mitigation System
page at http://www.securitywizardry.com/idsdosmit.htm of which I currently
have 12 products listed

Thanks for any time you can devote to this cause.

take care
-andy
Talisker Security Tools Directory
http://www.securitywizardry.com


---------------------------------------------------------------------------
---------------------------------------------------------------------------