IDS mailing list archives

Re: IPS, alternative solutions


From: Mike Frantzen <frantzen () nfr com>
Date: Wed, 22 Sep 2004 12:22:01 -0400


The way I see it, an IPS can attempt to contain your infestation and 
help reduce your legal exposure from outbound attacks that would 
otherwise make it to your partners... This is a value I can quantify and 
the best use case I have seen for IPS. The problem I have with it is 
that a properly implemented firewall can most likely do the same and 
provide much better overall value.

One of the spots where an IPS beats a firewall hands down is on the
interior of a large organization.  I've seen too many large
dysfunctional companies that compartmentalize their departments by
placing firewalls between each and every one.  Marketing and sales can't
access engineering project schedules and feature lists on the
engineering web server.  Engineering can't access the support database
to look for common issues and trends.  No one can access their
department's machines from their laptop when in a conference room...
etc etc

We end up with an authoritarian system where the firewalls inhibit the
communication inside the company.  An IPS can maintain the security
compartmentalization and containment without impeding the free flow of
information between departments.

I know I've bitched and moaned that some companies just don't talk
between departments.  And sometimes, they actually can't talk between
departments.

.mike
frantzen@(nfr.com | cvs.openbsd.org | w4g.org)
PGP:  CC A4 E2 E8 0C F8 42 F0  BC 26 85 5B 6F 9E ED 28
