IDS mailing list archives

RE: True definition of Intrusion Prevention


From: "Brian Taylor" <drak3 () comcast net>
Date: Sat, 3 Jan 2004 02:10:31 -0500

Did that dead horse just twitch again?

***Whips out beating stick***

Yes, I believe that most (if not all of us) agree that this
discussion/debate over IPS is a bit of marketing mixed in with a dollop of
semantics.  BUT, building slightly on what George said--IPS (or whatever you
choose to call it) is a move in the right direction for InfoSec.  The day
where you have an IDS that sees everything short of arson, robbery and
capital murder but it does not do anything other than DETECT is a short one.

We're finally moving to holistic approaches to security that are going
beyond the layered model of thinking in some cases.  When I visit my doctor,
she may yell at me or put me on a diet due to my poor eating habits.  This
PREVENTS things like heart disease, diabetes and Doritos poisoning (eat
enough of 'em...it's possible).  The old way was to treat the illnesses as
they occur.  Now, we realize that X causes Y which can lead to Z.  We now
try to head it off at the pass.  So preventative medicine is what I'd like
to think that IPS should be.  And looking at trends, it is looking like we
are headed in that direction.  10 years ago, would the few InfoSec
practitioners have mentioned things like policies alongside technology--and
given them equal weight???  I doubt it.

Call it what you want.  Intrusion Blocking Systems, Intrusion Prevention
Systems, whatever.  Is it using a synergistic set of technologies, policies
and PEOPLE that work as seamlessly as possible to prevent an actual
intrusion or compromise of our systems?  If we're talking hardware or
software, it would not be some egregious crime to call it IPS **as long as
it fits that criteria**.  Does this firewall work and play well with my IDS
to prevent compromise of my network?  Whatever one chooses to call it, I
believe that should be our aim.

...and I guess that would be my definition as well. I've never been one to
be too concerned about labels.


The horse was still kicking slightly when I got here.  I promise!


----------------------------------------------------------------------
Brian Taylor
johnthedwarf () ziplip com
"Sure you can get HIV from a mosquito -- if you have unprotected sex with
one!"

----------------------------------------------------------------------




-----Original Message-----
From: George Capehart [mailto:gwc () acm org]
Sent: Friday, January 02, 2004 10:57 AM
To: Teicher, Mark (Mark); Gary Flynn
Cc: focus-ids () securityfocus com
Subject: Re: True definition of Intrusion Prevention


On Friday 02 January 2004 09:41 am, Teicher, Mark (Mark) wrote:
<comments within>

<snip>



