RE: Changes in IDS Companies?

[Karl Lynn <klynn () stackheap org>]

IDS's have been using reactive measures for some time now (Send RST
packets, reconfiguration of firewalls..etc..etc).  This usually isn't a
function that the vendor will have configured out of the box but the
technology has been there.  I think I would have to agree with Marty on
this one, I like the layered effect as opposed to one device handling the
work and load of many.  I also agree that the method of IPS has not been
addressed at all angles such as bandwidth, false-positive rates, but most
importantly the impact of the false-positive.  Since your IPS is basically
interacting with firewalls, sending RST packets, or even doing the
blocking itself.  I'd like to see the IDS evolve into a more interacting
product which works with multiple security devices within the network like
firewalls, routers, vulnerability scanners..etc..etc  The last thing I
want is something that got pushed out the door cause of "buzz word bingo".
Not to say its a bad idea or anything but get the IDS down right then lets talk
IPS.

-Karl

On Tue, 15 Oct 2002, J. Foobar wrote:

> I remember reading an article on SF a year or more ago
> entitled "The Future of IDS" or something to that
> effect, wherein the author predicted the demise of
> separate NIDS and HIDS to be replaced with reactive
> all-encompassing systems relying on a few carefully
> placed network monitors and aggressively reactive
> host-based systems.
>
> Was he right?
>
> --- Avi Chesla <avic () V-Secure com> wrote:
> > I totally agree with you. Next generation IDS  ,also
> > being called Intrusion
> > Prevention Systems or Perimeter Security devices are
> > the next step in the
> > evolution of the Traditional Intrusion Detection
> > Systems. Vendors such as
> > Intruvert, Tipping point ,  Vsecure Technologies ,
> > Lancope, Forescout ,
> > TopLayer (Mitigator) etc, are example of some.
> > All these vendors claim to have an Intrusion
> > Prevention Systems which
> > usually has some kinds of Adaptive capabilities,
> > they do behavioral and
> > protocol analysis and do not based on attack
> > signature (most of them) , they
> > sit in-line (most of them), they mitigate attack
> > without be depended in
> > other products to do the blocking...
> >
> > Best Regards,
> >
> > Avi Chesla
> > Director of Research
> > Vsecure Technoliges, Inc.
> > www.v-secure.com
> >
> > -----Original Message-----
> > From: Samuel Cure [mailto:scure () netpierce net]
> > Sent: Monday, October 14, 2002 10:54 PM
> > To: focus-ids () securityfocus com
> > Subject: Changes in IDS Companies?
> >
> >
> > Just noticing some changes with some known IDS
> > companies and wanted some
> > feedback from the community. Because Marcus Ranum
> > left NFR earlier this year
> > and Ron Gula has left Enterasys Networks, I am
> > questioning the future of
> > some early-on IDS companies. I mentioned some time
> > ago that the IDS market
> > will eventually consolidate and it seems like things
> > are moving in that
> > direction.
> >
> >
> > To further enforce my point, word on the street is
> > TippingPoint is now
> > seeking for someone to buy them out. Does anyone
> > else have anything that
> > could help validate this or these types of trends in
> > IDS companies?
> >
> >
> >
> > Thanks in advance!
> >
> > -------------------
> > Samuel J. Cure
> > Security Specialist
> > NetPierce Security Services
> > www.netpierce.net
> > -------------------
>
>
> __________________________________________________
> Do you Yahoo!?
> Faith Hill - Exclusive Performances, Videos & More
> http://faith.yahoo.com