Re: True definition of Intrusion Prevention

[Frank Knobbe <frank () knobbe us>]

On Sat, 2004-01-03 at 11:31, George Capehart wrote:
> Firstly, this thread has confirmed my personal opinion that intrusion 
> prevention is not a very useful term and if we, as an industry take 
> that up as a holy grail, we will waste a *lot* of cycles and accomplish 
> little. [...]

Hey George,

thank you for steering the discussion in that direction :)

The same thread had disintegrated into a technical definition
championship on a different list at least once before. Yet the horse
keeps twitching.

Perhaps we can jointly bring it to the butcher (or soap-maker) and get
some use out of it. Let me throw a couple quotes back in from an email
of the past:

"We also acknowledge that Intrusion Prevention System is mostly a
marketing term. [...] Theoretically *any* countermeasure could be called
a Prevention system. A hardened OS prevents intrusions. [...]
Perhaps by discussion this down the right path we can show reasonably
well that the term is flawed, and perhaps through a collaborative paper
on the term of IPS we can convince the users/admins/buyers as well as
the vendors/market/industry to abandon use of that name...... Yeah, a
pipe dream.... but worth trying? If not, we don't even need to argue
here. Let's give our discussion a purpose or let it die."

.. which it won't apparently.


However, it seems that we have a couple vendors here in that discussion
that agree that this is a bad term. Perhaps we can encourage these
vendors to stop using the term. Perhaps the techies within <IDS-corp>
can lobby to management to abandon the term.

Thoughts?


Cheers,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part