IDS mailing list archives
RE: True definition of Intrusion Prevention
From: "Bohling James CONT JBC" <james.bohling () JBC JFCOM MIL>
Date: Mon, 5 Jan 2004 17:09:01 -0500
On Monday Jan 5 George Capart wrote: ______________________________________________________________________ "I'd like to punt and say that what we really need to do is manage risk." ______________________________________________________________________ Managing Risk is definitely a smart approach to managing a network. ______________________________________________________________________ "my personal opinion that intrusion prevention is not a very useful term and if we, as an industry take that up as a holy grail, we will waste a *lot* of cycles and accomplish little. " ______________________________________________________________________ I want to say that IPS can be useful in the defense-in-depth methodology. However, I think that in the early stages of IPS that we can not have a real good estimate of functionality and value until maturity sets in. At this point though, the ideology has promise. Good thread James -----Original Message----- From: George Capehart [mailto:gwc () acm org] Sent: Saturday, January 03, 2004 12:31 PM To: Teicher, Mark (Mark); drak3 () comcast net; Gary Flynn; Fengmin Gong Cc: focus-ids () securityfocus com Subject: Re: True definition of Intrusion Prevention Firstly, this thread has confirmed my personal opinion that intrusion prevention is not a very useful term and if we, as an industry take that up as a holy grail, we will waste a *lot* of cycles and accomplish little. I'd like to punt and say that what we really need to do is manage risk. A good, robust risk management process will lead an organization to the optimal (for that organization) set of controls for managing the risks it faces. The solution set that one organization chooses will be *very* different from that of another. I'm going to shut up now. This message started out much longer than it is now, but all I was doing was making the dead horse twitch with the beating . . . . ;-) Thanks for a great thread everyone! /g ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- RE: True definition of Intrusion Prevention, (continued)
- RE: True definition of Intrusion Prevention Teicher, Mark (Mark) (Jan 05)
- RE: True definition of Intrusion Prevention Bohling James CONT JBC (Jan 05)
- RE: True definition of Intrusion Prevention Teicher, Mark (Mark) (Jan 05)
- Re: True definition of Intrusion Prevention George Capehart (Jan 05)
- RE: True definition of Intrusion Prevention Teicher, Mark (Mark) (Jan 05)
- RE: True definition of Intrusion Prevention Fengmin_Gong (Jan 05)
- RE: True definition of Intrusion Prevention Fengmin_Gong (Jan 05)
- RE: True definition of Intrusion Prevention Teicher, Mark (Mark) (Jan 05)
- Re: True definition of Intrusion Prevention George Capehart (Jan 05)
- Re: True definition of Intrusion Prevention Frank Knobbe (Jan 05)
- Re: True definition of Intrusion Prevention George Capehart (Jan 05)
- RE: True definition of Intrusion Prevention Bohling James CONT JBC (Jan 05)
- Re: True definition of Intrusion Prevention George Capehart (Jan 05)
- RE: True definition of Intrusion Prevention Vigilant Labs (Jan 07)
- Re: True definition of Intrusion Prevention George Capehart (Jan 07)
- Re: True definition of Intrusion Prevention Andrew Plato (Jan 08)