Re: lots of monkeys staring at a screen....security?
From: Dave Aitel <dave () immunityinc com>
Date: Fri, 27 Oct 2006 10:30:24 -0400
Making IDS part of a defense in depth strategy is giving it some
credit for actually providing defense, which it doesn't do. The people
who win the IDS game are the people who spend the least money on it.
This is why security outsourcing makes money - it's just as worthless
as maintaining the IDS yourself, but it costs less. Likewise, Snort is
a great IDS solution because it does nothing but it does it cheaper.
The technology curve is towards complex, encrypted, asynchronous
protocols. The further into time you look, the worse the chances are
that sniffing traffic is an answer to anything.
The market is slowly realizing this technology's time has passed, but in
the meantime lots of people are making giant bus-loads of cash. Good
for them. But IDS technology isn't relevant to a security discussion
in this day and age and it's not going to be anytime soon.

Kevin Johnson wrote:

On Oct 26, 2006, at 8:09 AM, Dave Aitel wrote:

My feeling is that IDS is 1980's technology and doesn't work
anymore. This makes Sourcefire and Counterpane valuable because
they let people fill the checkbox at the lowest possible cost,
but if it's free for all IBM customers to throw an IDS in the mix
then the price of that checkbox is going to get driven down as

I think that you are throwing away a technology because of the fact
it doesn't live up to the hype the sales monkeys have spewed.
While I will agree that IDS' are not the end all be all, they do
provide a very important layer within the defense in depth
strategy. Yes you can evade them, and yes most companies want to
just plug them in and forget about them, but that doesn't make the

I am a little biased, <grin>
Kevin
---------------------
GCIA, GCIH
BASE Project Lead
http://base.secureideas.net
The next step in IDS
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com