IPS vs IDS

Articles like "Intrusion prevention: IDS' 800-pound gorilla" make me sick. Quotes like this demonstrate the ignorance of the speaker:


Intrusion-detection systems do a good job of telling companies whether they are being compromised or attacked. So good, in fact, that some question whether systems should go a step further and prevent incidents. It doesn't seem much of a stretch to have systems "flip a switch instead of alerting" when an anomaly is found, said Pete Lindstrom, research director of Malvern, Pa.-based Spire Security.


Argh! Thankfully the same article shows some people still understand this issue:


Other companies, however, see their intrusion-prevention products as usurping IDS. Martin Roesch, cofounder and CTO of Columbia, Md.-based Sourcefire, which sells the commercial version of the open-source intrusion-detection system Snort, rejects such a suggestion. "Anyone who tries to sell you an intrusion-prevention system at the expense of an intrusion-detection system doesn't understand the problem stack," he said. "Intrusion prevention is access control. Intrusion detection is monitoring."
Sourcefire will probably play in the intrusion-prevention space at some point. "We see value in having an access control role on the network as well as a network-monitoring role, because it allows us to leverage the information to enhance monitoring and protection," Roesch said. "You can't have one without the other."
