I have just a short question. I can see the benefit of an IPS, namely
that it is possible to prevent certain attacks.
But still, an IDP is prone to false positives, in the same was as an IDS
- or did I miss something?
The evaluation process whether or not an attack is taking place does not
differ from what an IDS does. There are no new techniques!
Certainly, it is possible to combine different analysis technologies and
perhaps this also pais out but this is not said!
To my opinion it makes sense to block attacks which can be reliably
identified, but what about the others?
The limiting factor is still the rate of false alarms!
Regards
Andreas
------------------------------------------------------------------------
-------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
------------------------------------------------------------------------
-------
I have just a short question. I can see the benefit of an IPS, namely
that it is possible to prevent certain attacks.
But still, an IDP is prone to false positives, in the same was as an IDS
- or did I miss something?
The evaluation process whether or not an attack is taking place does not
differ from what an IDS does. There are no new techniques!
Certainly, it is possible to combine different analysis technologies and
perhaps this also pais out but this is not said!
To my opinion it makes sense to block attacks which can be reliably
identified, but what about the others?
The limiting factor is still the rate of false alarms!
Regards
Andreas
------------------------------------------------------------------------
-------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
------------------------------------------------------------------------
-------
[ reply ]