Re: NADS ( was RE: IPS comparison)

[Seek Knowledge <aseeker03 () yahoo com>]

Joe wrote ....

> ... "infrastructure IPS".... allows the NADS to find
the 
> piece of network infrastructure closest to the
threat 
> (router, switch, firewall, etc.) and take blocking
action
> there in order to quarantine the attack.  

Can you point me to some info on the infrastructure
examples where this would work? Sounds like a great
concept  but when I evaluated Lancope last year, I
don't remember this feature being present at the time.


> ...However,  in speaking with customers, it [IPS] is
too 
> costly to deploy in a scenario that can give you 
> adequate network visibility or proper blocking
> capabilities inside your organization.  

Just because it is costly does not mean it is not a
good security solution. It just means that the
solution is expensive.. but it does exist. I am
fighting this battle now trying to get IPS deployed
everywhere possible. My justification... I either get
one security analyst per critical segment and charge
him with watching 24x7x365 and responding within 10
seconds or I deploy IPS. The IPS solution is cheaper
and more practical.

I too share your sentiment about IPS being sold as the
"silver bullet." I wanted it to be. I tried it... and
it was not. It is another tool in the infrastructure
tool kit.

Regards,
Hassan  Karim, CISSP



Send instant messages to your online friends http://uk.messenger.yahoo.com 

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------