RE: Changes in IDS Companies?

[Avi Chesla <avic () V-Secure com>]

I agree that advanced and aggressive HIDS are essential security components
and can covers a lot of servers and hosts vulnerabilities that no other
product can 
Network monitors are good research and analysis tool that will help the
experts to figure out what is wrong with the traffic (not in real-time). I
think that the future is one or few Intrusion Prevention Systems that sit
in-line in the gateway of the organization (before or after the router),
these products will detect and prevent network attacks in real-time. The IPS
will receive security information coming from the HIDS  (attacks that only
HIDS can detect) and will block the hackers in the gateway to the
organization before trying to hurt other hosts (without installed HIDS). I
think this is a good security platform that will be implemented in the
future (with other security product such as FW etc,).

Avi Chesla
Director of Research 
Vsecure Technologies, Inc.
Www.v-secure.com
      

-----Original Message-----
From: J. Foobar [mailto:jfoobar1 () yahoo com] 
Sent: Wednesday, October 16, 2002 8:10 AM
To: Avi Chesla; focus-ids () securityfocus com
Cc: 'Samuel Cure'
Subject: RE: Changes in IDS Companies?


I remember reading an article on SF a year or more ago
entitled "The Future of IDS" or something to that
effect, wherein the author predicted the demise of
separate NIDS and HIDS to be replaced with reactive all-encompassing systems
relying on a few carefully placed network monitors and aggressively reactive
host-based systems.

Was he right?

--- Avi Chesla <avic () V-Secure com> wrote:
> I totally agree with you. Next generation IDS  ,also
> being called Intrusion
> Prevention Systems or Perimeter Security devices are
> the next step in the
> evolution of the Traditional Intrusion Detection
> Systems. Vendors such as
> Intruvert, Tipping point ,  Vsecure Technologies ,
> Lancope, Forescout ,
> TopLayer (Mitigator) etc, are example of some.
> All these vendors claim to have an Intrusion
> Prevention Systems which
> usually has some kinds of Adaptive capabilities,
> they do behavioral and
> protocol analysis and do not based on attack
> signature (most of them) , they
> sit in-line (most of them), they mitigate attack
> without be depended in
> other products to do the blocking...
>
> Best Regards,
>
> Avi Chesla
> Director of Research
> Vsecure Technoliges, Inc.
> www.v-secure.com
>
> -----Original Message-----
> From: Samuel Cure [mailto:scure () netpierce net]
> Sent: Monday, October 14, 2002 10:54 PM
> To: focus-ids () securityfocus com
> Subject: Changes in IDS Companies?
>
>
> Just noticing some changes with some known IDS
> companies and wanted some
> feedback from the community. Because Marcus Ranum
> left NFR earlier this year
> and Ron Gula has left Enterasys Networks, I am
> questioning the future of
> some early-on IDS companies. I mentioned some time
> ago that the IDS market
> will eventually consolidate and it seems like things
> are moving in that
> direction.
>
>
> To further enforce my point, word on the street is TippingPoint is now
> seeking for someone to buy them out. Does anyone
> else have anything that
> could help validate this or these types of trends in
> IDS companies?
>
>
>
> Thanks in advance!
>
> -------------------
> Samuel J. Cure
> Security Specialist
> NetPierce Security Services
> www.netpierce.net
> -------------------


__________________________________________________
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com
*** eSafe scanned this email for malicious content ***
*** IMPORTANT: Do not open attachments from unrecognized senders  ***