IDS mailing list archives
RE: RE: Which is the most widely deployed commercial IPS
From: "Andrew Plato" <andrew.plato () anitian com>
Date: Thu, 27 Apr 2006 15:09:23 -0700
Where am I going with this...? My biggest concern for the deployment I am targeting is False Positives. I definitely want the signature to be in blocking-mode out of the box. I am seeing companies like ISS ship many signatures in non=blocking mode, which at least for me is useless. Whats the point having the customer try to figure out if a signature should be switched back to blocking on not. So a product like that definitely out of the running.
Could do with some feedback from customers on here to help cut through the marketing and false claims.
Well, keep in mind that everybody on this list is going to portray whatever they sell, support or adore sound great. So, its difficult if not impossible to avoid bias and false claims. That much said, no IPS is going to be perfect out of the box. You have to invest in tuning and analysis to get them in a sweet spot. Moreover, every environment is different. So even though a vendor or reseller may say "this is what the big boys use" doesn't mean it will work for you. I would suggest you write down a set of requirements for an IPS. Then pick off the top 3 or 4 IPS vendors, demo their gear, and figure out which product fits best with your requirements. Don't trust what we say, get the gear in front of you and use it. That's a much more appropriate way to test which solution works. Furthermore, you might want to consider using an managed security provider to manage your IPS. If you're not sure what signatures to turn on or off, let a third party experts manage this for you. Oh, an one last note. Symantec's host and network products are totally different. So, your experiences in one (their host AV product) won't apply with their network products. _____________________________________ Andrew Plato, CISSP President / Principal Consultant ANITIAN ENTERPRISE SECURITY Your Expert Partner for Security & Networking 3800 SW Cedar Hills Blvd, Suite 280 Beaverton, OR 97005 503-644-5656 Office 503-214-8069 Fax 503-201-0821 Mobile www.anitian.com _____________________________________ PGP/GPG public key available at: http://www.anitian.com/corp/keys.htm _________________________________________________ NOTICE: This email may contain confidential information, and is for the sole use of the intended recipient. If you are not the intended recipient, please reply to the message and inform the sender of the error and delete the email and any attachments from your computer. _________________________________________________ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Which is the most widely deployed commercial IPS thunking (Apr 18)
- <Possible follow-ups>
- RE: Which is the most widely deployed commercial IPS Andrew Plato (Apr 19)
- Re: RE: Which is the most widely deployed commercial IPS thunking (Apr 27)
- RE: RE: Which is the most widely deployed commercial IPS Alan Shimel (Apr 27)
- RE: RE: Which is the most widely deployed commercial IPS Andrew Plato (Apr 28)