Re: Hybrid IDS

[mark.teicher () networkice com]

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
-----------------------------------------------------------------------------
At 10:02 AM 9/7/00 -0400, Marcus J. Ranum wrote:



> One place where the personall firewall / IDS hybrids present an
> interesting challenge to clarity is in performance marketing.
> Since they're operating at a packet level (sort of) an unscrupulous
> vendor (hi! you know who you are!) could claim their performance
> figures in terms of packets processed/second. So the vendor could
> say "in recent tests, our network IDS handled 10,000,000,000
> packets/second!!" without mentioning clearly that this was
> accomplished using a single host on a switch, but the host was
> only looking for attacks directed at itself... Such claims have
> already been made - clearly deceptive, but there you have it.


Whoa, wait a minute here, Network ICE accepted the challenge from 
Hiverworld at DefCon, and Network ICE was ready,  No one has heard from 
HiverWorld since.

Ah yes, Marketing, blame NAI, Symantec and Zonelabs for re-defining the 
market space or in other words segmenting a very infant market space.  So 
every vendor is attempting fit into as many market spaces as it can, in 
order to get the largest customer base.



> > Is there a clear cut definition out there somewhere?
>
> You're asking if marketing respects technical language? <giggle>
> I wish...  :(  We went through the same kind of nonsense early
> on in the firewall days - proxy firewalls, stateful turbo
> multi-whomping packet examination, etc, etc. Eventually terms
> settle down when the marketing folks find a set of features
> they can tout that don't cause people to break out in belly
> laughter whenever they use it.n


I tend to agree with MJR on this space, the marketing type firms out there 
don't really understand the space or the techie geekie stuff that some of 
us utter to them.  The tend to grab onto the first one or two blurbs of 
techie talk and that what they stick with.  You try to explain them the 
different between packet grepping and protocol decode, they get all glossy 
eyed and almost fall over from boredom.  The marketing type people layman 
explanations that some of us can never get across to them without bursting 
out laughing.. :)

/mark

> mjr.
> -----
> Marcus J. Ranum
> Chief Technology Officer, Network Flight Recorder, Inc.
> Work:                  http://www.nfr.net
> Personal:              http://www.ranum.com