IDS mailing list archives

Re: IPS, alternative solutions

From: Jason <security () brvenik com>
Date: Wed, 15 Sep 2004 15:47:28 -0400

I've heard of no medium+ sized business that is considering deployinginline technology on the internals of the network in a sufficientlypervasive manner that there would be any measurable benefit from thetechnology over patching and asset management.


I would be seriously interested in an ROI that can demonstrate savings.

The simple question is how is inline packet scrubbing easier and morecost effective than patching?


Scott Wimer wrote:

Daniel,

I agree with your assessment.  What I have encountered in the
financial sector though is a desire to have the packets "scrubbed"
before they reach the servers.  People _want_ to deploy network based
IPS tools because it is easier and more cost effective.  That it
doesn't seem to be possible yet is another story altogether.

Regards, Scott Wimer

On Tue, 2004-09-14 at 06:01, Daniel wrote:

So far there has been a load of talk discussing which is the better
technology. Personally i dont think IPS is ready for the big time.
Yeah its great for small mum and dad networks, but for large
financial networks with billions of pounds flowing across them,
would you trust a technology to think and block what it seems as
bad traffic?

So what are the alternatives? I'd say more host based protection
such as:

- Stack protection - Application level firewalls
(ModSecurity/SecureIIS) - Host based firewalls

I'm interested to see what everyone else feels are alternatives to
IPS


--------------------------------------------------------------------------
 Test Your IDS

Is your IDS deployed correctly? Find out quickly and easily by
testing it with real-world attacks from CORE IMPACT. Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.--------------------------------------------------------------------------



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------

Current thread:

IPS, alternative solutions Daniel (Sep 15)
- Re: IPS, alternative solutions Scott Wimer (Sep 15)
  - Re: IPS, alternative solutions Jason (Sep 16)
    - Re: IPS, alternative solutions Scott Wimer (Sep 15)
    - Re: IPS, alternative solutions Jason Haar (Sep 16)
- Re: IPS, alternative solutions Alex Butcher, ISC/ISYS (Sep 15)
- Re: IPS, alternative solutions Andy Cuff (Sep 16)
- <Possible follow-ups>
- Re: IPS, alternative solutions Johann_van_Duyn (Sep 15)
- RE: IPS, alternative solutions Palmer, Paul (ISSAtlanta) (Sep 17)
  - Re: IPS, alternative solutions Jason (Sep 17)
- RE: IPS, alternative solutions Murtland, Jerry (Sep 17)
- RE: IPS, alternative solutions Cure, Samuel J (Sep 21)
  - Re: IPS, alternative solutions Jason (Sep 22)

(Thread continues...)