IDS mailing list archives

Re: Can Of Worms - Attack Mitigation Systems vs. Network IPS


From: "Andy Cuff" <lists () securitywizardry com>
Date: Fri, 30 Jan 2004 09:47:15 -0000

Hi Joel,
Thanks so much for such a comprehensive reply, and judging by your comments
I can see you understand why I saw this subject as a can of worms ;o)

The reason I wanted to discuss the matter onlist was to receive feedback
such as this. If the consensus of opinion is that they cannot be separated, I
will re-merge the pages and drop the category AMS.

I like your division between rate-based and content-based, which is
effectively what I'm also hoping to achieve, though calling them slightly
different things, AMS and IPS.  I agree that many products don't easily
slide into one or the other category and some have features of both. After
reading your email I have extended the introduction to each page to
recommend visitors look at both categories.

I feel that the industry is in a similar position to where we were a few
years ago with Host IDS, where a variety of categories of products (NNIDS,
Hybrid IDS, Host IDS) combined to result in Host IPS. Before they combined,
though, there was a marketing battle between vendors' definitions.

For the moment though, buyers are looking for Network IPS or Attack
Mitigators, and with the best will in the world, they don't always look too
deeply into what they are getting, often falling victim to sales hype or a
good business lunch.  Just reading some of the horror stories on some Attack
Mitigator websites would put many buyers off purchasing a content-based
device.

Thoughts?
-andy
 Talisker Security Tools Directory
http://www.securitywizardry.com


