IDS mailing list archives
RE: True definition of Intrusion Prevention
From: "Bohling James CONT JBC" <james.bohling () JBC JFCOM MIL>
Date: Mon, 5 Jan 2004 17:09:01 -0500
On Monday Jan 5 George Capart wrote:
______________________________________________________________________
"I'd like to punt and say that what we really need to do is
manage risk."
______________________________________________________________________
Managing Risk is definitely a smart approach to managing a network.
______________________________________________________________________
"my personal opinion that intrusion
prevention is not a very useful term and if we, as an industry take
that up as a holy grail, we will waste a *lot* of cycles and accomplish
little. "
______________________________________________________________________
I want to say that IPS can be useful in the defense-in-depth
methodology. However, I think that in the early stages of IPS that we
can not have a real good estimate of functionality and value until
maturity sets in. At this point though, the ideology has promise.
Good thread
James
-----Original Message-----
From: George Capehart [mailto:gwc () acm org]
Sent: Saturday, January 03, 2004 12:31 PM
To: Teicher, Mark (Mark); drak3 () comcast net; Gary Flynn; Fengmin Gong
Cc: focus-ids () securityfocus com
Subject: Re: True definition of Intrusion Prevention
Firstly, this thread has confirmed my personal opinion that intrusion
prevention is not a very useful term and if we, as an industry take
that up as a holy grail, we will waste a *lot* of cycles and accomplish
little. I'd like to punt and say that what we really need to do is
manage risk. A good, robust risk management process will lead an
organization to the optimal (for that organization) set of controls for
managing the risks it faces. The solution set that one organization
chooses will be *very* different from that of another.
I'm going to shut up now. This message started out much longer than it
is now, but all I was doing was making the dead horse twitch with the
beating . . . . ;-)
Thanks for a great thread everyone!
/g
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Current thread:
- RE: True definition of Intrusion Prevention, (continued)
- RE: True definition of Intrusion Prevention Teicher, Mark (Mark) (Jan 05)
- RE: True definition of Intrusion Prevention Bohling James CONT JBC (Jan 05)
- RE: True definition of Intrusion Prevention Teicher, Mark (Mark) (Jan 05)
- Re: True definition of Intrusion Prevention George Capehart (Jan 05)
- RE: True definition of Intrusion Prevention Teicher, Mark (Mark) (Jan 05)
- RE: True definition of Intrusion Prevention Fengmin_Gong (Jan 05)
- RE: True definition of Intrusion Prevention Fengmin_Gong (Jan 05)
- RE: True definition of Intrusion Prevention Teicher, Mark (Mark) (Jan 05)
- Re: True definition of Intrusion Prevention George Capehart (Jan 05)
- Re: True definition of Intrusion Prevention Frank Knobbe (Jan 05)
- Re: True definition of Intrusion Prevention George Capehart (Jan 05)
- RE: True definition of Intrusion Prevention Bohling James CONT JBC (Jan 05)
- Re: True definition of Intrusion Prevention George Capehart (Jan 05)
- RE: True definition of Intrusion Prevention Vigilant Labs (Jan 07)
- Re: True definition of Intrusion Prevention George Capehart (Jan 07)
- Re: True definition of Intrusion Prevention Andrew Plato (Jan 08)