IDS mailing list archives

RE: eEye Blink and other Endpoint IPS solutions.


From: <mashraf () hushmail com>
Date: Thu, 30 Jun 2005 04:27:25 -0700

Hi,

Just wanted to say thanks for all your replies, here and emailed! 
There were some valuable comments and suggestions especially 
considering I gave so little information in my original questions. 
I've been working with IDS for a few years now and it has been 
problematic and ultimately judged unsuccessful by any currently 
meaningful criteria. Business requirements have changed so much in 
the last 3 or 4 years that what was once intended as a perimeter 
monitoring tool has ended up being judged on its ability to detect 
internal intrusions. This meant deploying unmanageable numbers of 
Snort sensors, being completely overwhelmed by the false alerts and 
spending countless hours fine-tuning signatures on a server-by-server 
basis. I know many of you must have had similar problems.

I'd love to have a NIP appliance that could protect the entire 
server subnet but with 50 or more MS servers each connected by dual 
gigabit ethernet to switches with a notional backplane throughput 
of 64Gbs I think I may be being a bit optimistic! I've yet to find 
a NIPS that even claims to be able to exceed 5Gbs so I think that 
my only real option is something host based and maybe a couple of 
perimeter NIP devices for DDoS protection if I decide the risk 
warrants the cost.
I can't imagine that our requirements are so very different from 
other much larger organisations so it is strange that so many IPS 
companies seem hung up on perimeter defence while the rest of the 
security industry has changed.

On the plus side it makes evaluating the options much easier when 
there seem to be only Cisco and eEye in the marketplace :)

Thanks,
Mina




