IDS: Re: RE: IPS Market Share

From: Robert Schwartz <robert.schwartz_at_ucdmc.ucdavis.edu>
Date: Tue, 13 Jun 2006 13:07:03 -0700

How many in-line installations did you examine to obtain this result? I
can't imagine you did any research at all to come to this conclusion since
it is patently and provably false.

When we were researching IPS, we did some very in-depth investigation into
reference customers including the running config, and the vendor we
selected did in fact have a "recommended rule set" with over 800 sigs in
true prevention mode that we were able to turn on with "minor tweaks."

p.s. I'm not selling anyone anything.

                                                                           
From: raj_w_at_gmail.com
Date: 06/07/2006 12:25 AM
To: focus-ids_at_securityfocus.com
cc:
Subject: Re: RE: IPS Market Share

In my experience, this is marketing hype. Nobody is running "their default
recommended settings" and only 10-20 signatures (if any) are run in
prevention mode.

It'd be interesting to hear some of the experiences people had deploying
IPS.

For us it's a short story. We got a high profile brand system, ran it for a
while in "learning"/detection only mode and then decided to keep running it
like that for now :)

Raj

Received on Jun 14 2006
