Real world value of IDS/IPS
In the ongoing IDS debate, Amrit challenged me to put up blog postings of case studies with large organizations that are finding tremendous value in IDS. As I wrote to Amrit privately, unfortunately the ones I would really like to highlight would land me in major trouble if I mentioned them. In fact some of the ones I was referring to, do not in fact use StillSecure today for IDS. It is also a shame that one person who could probably give us lots of examples of IDS being useful, Marty Roesch, is under a gag order due to Sourcefire's S-1 filing. However, I am going to ask some of our sales and support engineers and see if I can get some up here.
In the meantime though, let me point to a real world, roll up his sleeves, security hero who fights the fight every day, Michael over at MCWResearch. Michael has written a response to Thomas at Matasano's post against IDS. In his post he gives us real life examples of how and when IDS saved his bacon. He also talks about the need for a defense in depth and his realistic expectations of what IDS/IPS gives him. Michael makes another good point in bringing up the Honeynet Project.
My point is this, though analysts and security experts may not see the value of IDS, there are thousands of Michael's out there who do see the value and the only way you could take away their IDS, is to pry it out of their cold, stiff, dead hands.
mcwresearch.com ยป Ptacek on IDS/IPS
Comments