IDS mailing list archives

RE: IDS vs. IPS deployment feedback


From: "Basgen, Brian" <bbasgen () pima edu>
Date: Thu, 6 Apr 2006 10:44:24 -0700

 
 I'm new to the list, but this flame war is a bit odd. This is an IDS list,
yet the usefulness of IDS is being dismissed?

 This debate could generate some interesting data. In Snort, for example,
there are around 5,759 rules (3/31/2006, non-subscription rule base). I
don't have the metrics on hand of how many rules commercial IPSs deploy on
by default (and how many total can be turned on), but I'd guess it is around
500. I'd be interested to know those numbers, if someone has them. A vendor
comparison of rules could also be interesting.

 What I draw from this ratio is that some 90% of attacks can get through an
IPS solution. That doesn't invalidate the IPS any more than the IPS
invalidates a firewall, but it does indicate to me that IDS plays an
essential role.

~~~~~~~~~~~~~~~~~~
Brian Basgen
IT Security Architect
Pima Community College
