Dailydave mailing list archives
Re: lots of monkeys staring at a screen....security?
From: "Dave Korn" <dave.korn () artimi com>
Date: Thu, 26 Oct 2006 15:32:31 +0100
On 26 October 2006 13:10, Dave Aitel wrote:
Well, it turns out IDS's and managed security services can at least provide financial security. :> Sourcefire IPO's. Something they were on track to do anyways until Checkpoint offered them too much money to turn down, I assume. http://www.sourcefire.com/news/press_releases/pr102506.html
IMO: Sourcefire offers OSS support services, relating to snort in particular. That seems reasonable to me, it's not like they're offering utter vapour. It may turn out not to be a successful business model, but it is still a genuine one, whether wrong or right in the long run. (Also IMO: Zone Alarm was brilliant until Checkpoint bought out ZoneLabs. Now it sucks. Bloated and featuritis-ridden.)
BT Group buys Counterpane for 20M. What were Counterpane's revanues I wonder. You always heard about them, but I never saw them at an actual client. http://www.schneier.com/blog/archives/2006/10/bt_acquires_cou.html
Well, yes, in theory, but don't forget that Albert Einstein wears Bruce Schneier pajamas (http://geekz.co.uk/schneierfacts/)...
My feeling is that IDS is 1980's technology and doesn't work anymore. This makes Sourcefire and Counterpane valuable because they let people fill the checkbox at the lowest possible cost, but if it's free for all IBM customers to throw an IDS in the mix then the price of that checkbox is going to get driven down as well.
Up to a point. Well, for a start, it may be 80's tech., but there really weren't any serious implementations of it in the 80's. 80's in the lab = late 90's/early 00's for something that's actually practical, commoditized, and can be plugged in and "just work"(TM). Second point is: defense in depth. It's an extra barrier. You don't /not/ run an AV just because someone can write a custom virus it won't detect. You run simple and automated systems that can deal with the 90% of threats that are easily managed in order to free up valuable /human/ resource to look into the 10% that really do need to be understood. It does /work/; it's just that, when working, it only has a limited role to fill and is not a one-stop-shop-one-size-fits-all-be-all-and-end-all-turnkey-security-solution. But then again, nothing is. Or at any rate, no automated system is. The only thing that *really* works for security is people. Lots and lots of people, looking at what's going on and thinking about it and worrying about whether something's wrong or not. It would require a huge leap in AI for any IDS to be capable of distinguishing false positives from real alerts, or to spot some anomaly elsewhere in the network that makes it take a closer look for false negatives, that's something that only human intelligence is capable of, and it's not the fault of IDSen in general that they aren't as smart as people, it's the fault of anyone who expects an IDS could substitute for a real live person. Automated tools can help at filtering and prioritising the human workload, and nobody should pretend they can replace it altogether, so I think you're asking too much of it for it to count as "work[ing] anymore" by your standards. So, even if it is "filling a checkbox", it's a checkbox that does need to have at least /something/ to fill it. cheers, DaveK -- Can't think of a witty .sigline today.... _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- lots of monkeys staring at a screen....security? Dave Aitel (Oct 26)
- Re: lots of monkeys staring at a screen....security? Dave Korn (Oct 26)
- Re: lots of monkeys staring at a screen....security? Joanna Rutkowska (Oct 27)
- Re: lots of monkeys staring at a screen....security? Gadi Evron (Oct 27)
- Re: lots of monkeys staring at a screen....security? Joanna Rutkowska (Oct 27)
- Re: lots of monkeys staring at a screen....security? Blue Boar (Oct 26)
- Re: lots of monkeys staring at a screen....security? Jamie Riden (Oct 26)
- Re: lots of monkeys staring at a screen....security? Kevin Johnson (Oct 27)
- Re: lots of monkeys staring at a screen....security? Dave Aitel (Oct 27)
- Re: lots of monkeys staring at a screen....security? Halvar Flake (Oct 27)
- Re: lots of monkeys staring at a screen....security? Thomas Ptacek (Oct 27)
- Re: lots of monkeys staring at a screen....security? Matt Beaumont (Oct 27)
- Re: lots of monkeys staring at a screen....security? Dave Aitel (Oct 28)
- Re: lots of monkeys staring at a screen....security? Dave Aitel (Oct 27)
- Re: lots of monkeys staring at a screen....security? Dave Korn (Oct 26)