Snort mailing list archives

Re: Re: [Snort-devel] IDS vs IPS


From: Frank Knobbe <frank () knobbe us>
Date: Thu, 28 Aug 2003 03:47:15 +0000

On Thu, 2003-08-28 at 03:16, Jason wrote:
> Thanks, I think the matrix shows fairly well that the _new IPS_ is a
> natural evolution of the existing firewall.

Right. It is the merger of firewall and IDS. It has as much IDS as
firewall in it. But I wouldn't say that it is closer to either one. It
appears to have evolved into a category of its own.

> You can also have confidence in your firewall because your IDS verifies
> what you told the firewall to do and covers your arse when you let
> something by because of business requirements or a human error.

Exactly. This is precisely the point that Gartner missed. IDS are far
from obsolete. You always need to have an IDS inside to verify the
function (and detect failure) of the firewall or IPS. 

I probably made this prediction before, but here is a good place to do
it again. Mark my words :)  "We will see a new breed of software become
popular soon which is a merger of IDS and forensics software". 

Cheers,
Frank




Attachment: signature.asc
Description: This is a digitally signed message part

