IDS mailing list archives
RE: Changes in IDS Companies?
From: Brian Brotschi <brian.brotschi () sygate com>
Date: Wed, 16 Oct 2002 18:40:55 -0700
Hello All; vendor disclosure = I am employed by Sygate Technologies.

My observations of this topic over the past few years have led me to believe that IDS is best used as an enabling technology which when properly implemented can lead to host systems which are more secure than without IDS.

The whole premise of inspecting all traffic which is observed by either network sensors or host-based sensors has many inefficiencies, namely the amount of data which needs to be inspected to ferret out the bad from the good and then reporting it over long periods of time to quantify the actual risk.

A very real analogy can be drawn between how protocol analysis was originally used and then morphed into making IDS more efficient; the same analogy should be applied to IDS technologies, and how they can be used to make systems more secure.

The approach which Sygate has taken is to apply IDS to traffic destined within a host to specific executable programs, thereby significantly reducing the rate of false positives. This I feel is the first step in the right direction.

The subject of this message focuses on "changes in IDS companies"; perhaps a more compelling subject would be "how best to apply IDS generated information to real world security threats & vulnerabilities" and what companies are best positioned to execute on this goal.

Brian M Brotschi
Sygate Technologies, Inc.
Director of Security Solutions
Business: 510-742-2642
Fax: 208-723-1666
Cell: 408-489-4157
Email: brian.brotschi () sygate com
http://www.sygate.com
Yahoo ID = brian_brotschi
mobile = bbrotschi () vtext com

--------------------------------------------
The information transmitted is intended only for the person to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.

-----Original Message-----
From: J. Foobar [mailto:jfoobar1 () yahoo com]
Sent: Tuesday, October 15, 2002 11:10 PM
To: Avi Chesla; focus-ids () securityfocus com
Cc: 'Samuel Cure'
Subject: RE: Changes in IDS Companies?

I remember reading an article on SF a year or more ago entitled "The Future of IDS" or something to that effect, wherein the author predicted the demise of separate NIDS and HIDS to be replaced with reactive all-encompassing systems relying on a few carefully placed network monitors and aggressively reactive host-based systems.

Was he right?

--- Avi Chesla <avic () V-Secure com> wrote:
I totally agree with you.

Next generation IDS, also being called Intrusion Prevention Systems or Perimeter Security devices, are the next step in the evolution of the Traditional Intrusion Detection Systems.

Vendors such as Intruvert, Tipping point, Vsecure Technologies, Lancope, Forescout, TopLayer (Mitigator) etc. are examples of some.

All these vendors claim to have an Intrusion Prevention System which usually has some kinds of Adaptive capabilities; they do behavioral and protocol analysis and are not based on attack signatures (most of them), they sit in-line (most of them), they mitigate attacks without being dependent on other products to do the blocking...

Best Regards,
Avi Chesla
Director of Research
Vsecure Technologies, Inc.
www.v-secure.com

-----Original Message-----
From: Samuel Cure [mailto:scure () netpierce net]
Sent: Monday, October 14, 2002 10:54 PM
To: focus-ids () securityfocus com
Subject: Changes in IDS Companies?

Just noticing some changes with some known IDS companies and wanted some feedback from the community. Because Marcus Ranum left NFR earlier this year and Ron Gula has left Enterasys Networks, I am questioning the future of some early-on IDS companies. I mentioned some time ago that the IDS market will eventually consolidate and it seems like things are moving in that direction. To further enforce my point, word on the street is TippingPoint is now seeking someone to buy them out.

Does anyone else have anything that could help validate this or these types of trends in IDS companies?

Thanks in advance!

-------------------
Samuel J. Cure
Security Specialist
NetPierce Security Services
www.netpierce.net
-------------------