IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Wishlist for IPS Products

From: Jason Haar <Jason.Haar () trimble co nz>
Date: Wed, 15 Sep 2004 20:52:57 +1200
On Fri, Sep 10, 2004 at 10:18:27AM -0400, PS R wrote:

I am thinking of:
- Flow Control - limitations on flooding, unused connections, etc...
- Robust, ACURATE signature base
- Packet capture - no debate on how much before, as that has been covered
- Pre-deployment network analysis tools to accelerate deployment
- Anomaly detection
- Alert export compatibility with 3rd party event management solutions


One thing I think is important is that these vendors realise that just
*MAYBE* their customers already have existing infrastructure for doing
things like alerting, and that they should support that instead of creating
yet another damn stand-alone application.

We need to see more integration in this industry - hell - IT in general.

By alerting, I mean support SNMP traps (gah!), eventlog (for Windows), and
better yet - syslog. There are still too many "security products" out there
that think logging to their own text file or proprietary database is the
best way of doing things. I'm not saying any of that needs to be thrown out,
but they should try to ADDITIONALLY support mechanisms their customers have
probably got covered.

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: