Dropping the IDS concept is essentially stepping away from a viable and proactive approach to security. This is the same for IPSs. Incident handling is simply reactive. We must automate what we can as much as possible and in a secure manner to properly defend our critical systems in real time. No human can react faster than an automated tool. Attackers will continue to develop technology for circumvention and unless we do the same, we will be left in the dust.

Instead of looking at what technology we need to do away with, we need to be looking at technology that needs to be developed/augmented. The augmentation of the IDS concept to include active response (IPS) proves this as an advancement pattern. Any idea should only fade away in the shadow of a better solution. If Dave can come up with a proactive approach that proves his two cents in ROI as well as proven decrease in security incidents, I'll give him a dollar.

-k

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/457/34804#34804