IDS mailing list archives

Re: RE: IPS Market Share


From: Robert Schwartz <robert.schwartz () ucdmc ucdavis edu>
Date: Tue, 13 Jun 2006 13:07:03 -0700


How many in-line installations did you examine to obtain this result?  I
can't imagine you did any research at all to come to this conclusion since
it is patently and provably false.

When we were researching IPS, we did some very in-depth investigation into
reference customers including the running config, and the vendor we
selected did in fact have a "recommended rule set" with over 800 sigs in
true prevention mode that we were able to turn on with "minor tweaks."

p.s.  I'm not selling anyone anything.




                                                                           
raj_w () gmail com
06/07/2006 12:25 AM
To: focus-ids () securityfocus com
Subject: Re: RE: IPS Market Share




In my experience, this is marketing hype. Nobody is running "their default
recommended settings" and only 10-20 signatures (if any) are run in
prevention mode.

It'd be interesting to hear some of the experiences people had deploying
IPS.

For us it's a short story. We got a high profile brand system, ran it for a
while in "learning"/detection only mode and then decided to keep running it
like that for now :)



Raj


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------





