|
Home > Archive > Snort > June 2004 > [Snort-users] Snort is a "niche player"
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
[Snort-users] Snort is a "niche player"
|
|
| Yaakov Yehudi 2004-06-29, 5:47 pm |
| I see that Gartner Research are dismissing Snort as a "Niche Player" in
their recent report "Magic Quadrant for Intrusion Detection Systems, 2H03".
Has anybody else read this report?, and if so, what is your opinion?
Regards, Ya'akov
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
| |
| Keith W. McCammon 2004-06-29, 5:47 pm |
| [Warning: Uncensored and not entirely though through response follows.
I have not, nor do I plan to waste my time reading anything Gartner
publishes.]
These are the same people that, every time an IIS vuln hits the wire,
puts out a "report" that indicates that companies would be safer
immediately switching to another platform, running another web server.
Like someone who can't secure a Windows box can secure a Linux farm.
And because the risk analysis required for an organization to switch
platforms overnight is fast and/or easy. And because making knee-jerk
technical decisions like this is a good idea. And so on...
Anyone foolish enough to read anything that Gartner releases and take it
without a number of very large grains of salt should, by all means, stop
using Snort and immediately purchase and deploy whatever product Gartner
recommends by way of their little magic eight-ball/quadrant/revenue-box
(which, for the bargain price of ~$250/hour, Gartner will kindly design
and deploy for you--because they're nice people).
Yaakov Yehudi wrote:
> I see that Gartner Research are dismissing Snort as a "Niche Player" in
> their recent report "Magic Quadrant for Intrusion Detection Systems, 2H03".
> Has anybody else read this report?, and if so, what is your opinion?
>
> Regards, Ya'akov
>
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> digital self defense, top technical experts, no vendor pitches,
> unmatched networking opportunities. Visit www.blackhat.com
> ________________________________________
_______
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists...nfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf....ist=snort-users
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
| |
| Frank Knobbe 2004-06-29, 5:47 pm |
|
--=-0YkwC4tkbojrylj0U2Oj
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Tue, 2004-06-29 at 10:41, Keith W. McCammon wrote:
> Anyone foolish enough to read anything that Gartner releases and take it=20
> without a number of very large grains of salt should, by all means, stop=20
> using Snort and immediately purchase and deploy whatever product Gartner=20
> recommends by way of their little magic eight-ball/quadrant/revenue-box=20
You mean getting rid of IDSes and start buying Checkpoint firewalls with
Deep Packet Inspection? hmmmm....okay.
(If Snort is a niche-player, why is its rule syntax the inofficial
de-facto standard for the IDS industry? 
Cheers,
Frank
--=-0YkwC4tkbojrylj0U2Oj
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQBA4ZGtJjGc5ftAw8wRAmUsAKCaUAWQaxtE
CeodOIqAf0KS1DyajwCfZiM9
8Yax2aMotgySdcHf/d/ebiI=
=5D20
-----END PGP SIGNATURE-----
--=-0YkwC4tkbojrylj0U2Oj--
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
| |
| twig les 2004-06-29, 5:47 pm |
| I have the report. The copy I have was sent to me by our
vendor, who is listed in the "Visionary" category. The fact
that they are in there immediately told me that Gartner had not
actually *used* any of these products because our vendor (who
will remain unnamed) is so atrocious. It is a 7-page report and
it gave me the distinct impression that were Gartner to be in my
house while I was painting they would stand behind me and point
out all the spots I missed while drinking a margerita with their
feet propped up on my table.
=====
-----------------------------------------------------------
With a few exceptions, secrecy is deeply incompatible with
democracy and with science.
--Carl Sagan
-----------------------------------------------------------
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
| |
| Guillaume Arcas 2004-06-29, 5:47 pm |
| Yaakov Yehudi a dit :
> I see that Gartner Research are dismissing Snort as a "Niche Player" in
> their recent report "Magic Quadrant for Intrusion Detection Systems,
> 2H03".
> Has anybody else read this report?, and if so, what is your opinion?
Gartner... Gartner...
These same guys who said IDS were dead last year ? :-)
Guillaume Arcas
------------------------------------------------------------------------
L=E0-bas, vers le sud, la plaine s'ouvre, infinie, attirante...
Puis le d=E9sert, sa vie libre et errante et son bienfaisant silence.
Isabelle Eberhardt - Au pays des sables.
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
| |
| Martin Roesch 2004-06-29, 5:47 pm |
| The NAI guys were referring to the last Magic Quadrant (MQ) that came
out covering the IDS space that put them in the "lead" position due to
Gartner's enthusiasm for their Intruvert acquisition and relegated
Snort into the "niche" corner (with my own company Sourcefire out in
front of it by a little and below all the other companies). Snort and
Sourcefire were basically positioned in the quadrant which implies that
we are less able to execute on our plans and less innovative in our
technology than everyone else in the industry, including companies that
are smaller with less money than us and fewer customers as well as
companies that haven't invented or demonstrated any innovation in their
entire corporate history. If anyone wants a picture of the InfoWorld
2004 Innovator award I have sitting on my desk here (that we got for
Sourcefire inventing our RNA product) I can ship it over to show that
we are actually working on new stuff that is pretty cool (in my
admittedly biased opinion).
Before you call "sour grapes" on me, please be aware that given the
information Gartner had on Sourcefire at the time that they wrote this
MQ report this information was quite possibly relatively accurate in
terms of where they thought we were. Basically they thought we were a
niche player because they thought Sourcefire was strictly an IDS
company. Unfortunately, being a niche player didn't earn us a briefing
before they went to press with the MQ, so we ended up in loserland. I
probably didn't help "foster mutual communication and understanding" by
publicly calling bullshit on them last year when they took their "IDS
is dead" show on the road. Bygones people. Now that they've seen and
understand our RNA technology and how we're integrating network context
into our IDS processes as well as providing all the cool policy
enforcement stuff (as well as an IPS) they know that we're a lot more
than a one trick pony.
Now, Gartner just released one of their "Hype Cycle" reports a few
weeks ago that shows that Snort is in the "early mainstream" phase of
acceptance and on an even footing (in terms of acceptance of the
technology) with other well known Open Source technologies as Linux,
OpenSSL and Nessus. It's pretty surreal that NAI is presenting Snort
as a niche player when we're getting roughly 15,000 downloads of Snort
*per week* while the NAI/Intruvert combo has several hundred sensors
fielded after 18 months of selling.
Who's the niche player?
NAI is confusing their positioning (i.e. marketing) with their position
(i.e. acceptance/deployment), they have an enterprise high performance
intrusion detection/prevention engine that is priced to match and still
relatively early in their product life cycle. Snort is much more
widely deployed and accepted than they will ever be and quite frankly
has become the ruler by which most other IDS technologies seem to be
measured (or, less generously, the lowest common denominator of IDS
functionality).
Anyway, don't mean to get on a rant here but this is what a
psychologist would call "projecting". Look it up.
-Marty
On Jun 29, 2004, at 11:27 AM, etienne.causse@pierre-fabre.com wrote:
>
> I've seen a part of this report in a presentation made by Network
> Associates to my boss. They were trying to sell to us their Intrusion
> Protection System.
> I think it's not possible to know how many installations of Snort
> exists in
> the companies, as it is not a commercial product, so Gartner's figures
> are
> probably wrong.
>
> Anyways, i'm interested by any other comments about theses figures.
>
> Regards,
> Etienne.
>
>
>
>
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch@sourcefire.com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
| |
| Michael Sconzo 2004-06-29, 5:47 pm |
| > If anyone wants a picture of the InfoWorld
> 2004 Innovator award I have sitting on my desk here (that we got for
> Sourcefire inventing our RNA product) I can ship it over to show that
> we are actually working on new stuff that is pretty cool (in my
> admittedly biased opinion).
I would believe it. As an avid fan of RNA I think you guys did a
great job with that and look forward to anything new you guys manage
to develop. So, keep up the good inovative work, and I'll go clean
this stuff off my nose. *sigh*
-=Mike
--
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
But let your communication be Yea, yea; nay, nay: for
whatsoever is more than these cometh of evil.
-- Matthew 5:37
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
| |
| James Riden 2004-06-30, 3:06 am |
| "Guillaume Arcas" <guillaume.arcas@free.fr> writes:
> Yaakov Yehudi a dit :
>
> Gartner... Gartner...
> These same guys who said IDS were dead last year ? :-)
That's funny, my IDS just sent me an alert saying "Gartner is dead."
(Someone must have already made this [bad] joke, mustn't they?)
--
James Riden / j.riden@massey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
| |
| Yaakov Yehudi 2004-06-30, 3:06 am |
| Thanks for your reply Marty, it seems like a pretty balanced one to me.
Regards, Ya'akov
-----Original Message-----
From: Martin Roesch [mailto:roesch@sourcefire.com]
Sent: Tuesday, June 29, 2004 22:41
To: etienne.causse@pierre-fabre.com
Cc: 'snort-users'; Yaakov Yehudi
Subject: Re: [Snort-users] Snort is a "niche player"
The NAI guys were referring to the last Magic Quadrant (MQ) that came out
covering the IDS space that put them in the "lead" position due to Gartner's
enthusiasm for their Intruvert acquisition and relegated Snort into the
"niche" corner (with my own company Sourcefire out in front of it by a
little and below all the other companies). Snort and Sourcefire were
basically positioned in the quadrant which implies that we are less able to
execute on our plans and less innovative in our technology than everyone
else in the industry, including companies that are smaller with less money
than us and fewer customers as well as companies that haven't invented or
demonstrated any innovation in their entire corporate history. If anyone
wants a picture of the InfoWorld
2004 Innovator award I have sitting on my desk here (that we got for
Sourcefire inventing our RNA product) I can ship it over to show that we
are actually working on new stuff that is pretty cool (in my admittedly
biased opinion).
Before you call "sour grapes" on me, please be aware that given the
information Gartner had on Sourcefire at the time that they wrote this MQ
report this information was quite possibly relatively accurate in terms of
where they thought we were. Basically they thought we were a niche player
because they thought Sourcefire was strictly an IDS company. Unfortunately,
being a niche player didn't earn us a briefing before they went to press
with the MQ, so we ended up in loserland. I probably didn't help "foster
mutual communication and understanding" by publicly calling bullshit on them
last year when they took their "IDS is dead" show on the road. Bygones
people. Now that they've seen and understand our RNA technology and how
we're integrating network context into our IDS processes as well as
providing all the cool policy enforcement stuff (as well as an IPS) they
know that we're a lot more than a one trick pony.
Now, Gartner just released one of their "Hype Cycle" reports a few weeks ago
that shows that Snort is in the "early mainstream" phase of acceptance and
on an even footing (in terms of acceptance of the
technology) with other well known Open Source technologies as Linux, OpenSSL
and Nessus. It's pretty surreal that NAI is presenting Snort as a niche
player when we're getting roughly 15,000 downloads of Snort *per week* while
the NAI/Intruvert combo has several hundred sensors fielded after 18 months
of selling.
Who's the niche player?
NAI is confusing their positioning (i.e. marketing) with their position
(i.e. acceptance/deployment), they have an enterprise high performance
intrusion detection/prevention engine that is priced to match and still
relatively early in their product life cycle. Snort is much more widely
deployed and accepted than they will ever be and quite frankly has become
the ruler by which most other IDS technologies seem to be measured (or, less
generously, the lowest common denominator of IDS functionality).
Anyway, don't mean to get on a rant here but this is what a psychologist
would call "projecting". Look it up.
-Marty
On Jun 29, 2004, at 11:27 AM, etienne.causse@pierre-fabre.com wrote:
>
> I've seen a part of this report in a presentation made by Network
> Associates to my boss. They were trying to sell to us their Intrusion
> Protection System.
> I think it's not possible to know how many installations of Snort
> exists in the companies, as it is not a commercial product, so
> Gartner's figures are probably wrong.
>
> Anyways, i'm interested by any other comments about theses figures.
>
> Regards,
> Etienne.
>
>
>
>
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring roesch@sourcefire.com -
http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
| |
| Yaakov Yehudi 2004-06-30, 3:06 am |
| Yes, those would be the same ones! It's not the first time that I have
felt I needed to take one of their reports with a "pinch of salt" =
(sorry,
make that a cup!).
Regards, Ya'akov
-----Original Message-----
From: Guillaume Arcas [mailto:guillaume.arcas@free.fr]=20
Sent: Tuesday, June 29, 2004 20:05
To: Yaakov Yehudi
Cc: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Snort is a "niche player"
Yaakov Yehudi a dit :
> I see that Gartner Research are dismissing Snort as a "Niche Player"=20
> in their recent report "Magic Quadrant for Intrusion Detection=20
> Systems, 2H03".
> Has anybody else read this report?, and if so, what is your opinion?
Gartner... Gartner...
These same guys who said IDS were dead last year ? :-)
Guillaume Arcas
------------------------------------------------------------------------
L=E0-bas, vers le sud, la plaine s'ouvre, infinie, attirante...
Puis le d=E9sert, sa vie libre et errante et son bienfaisant silence.
Isabelle Eberhardt - Au pays des sables.
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
| |
| Darren Webb 2004-06-30, 3:06 am |
| Here is a link to the article.
http://mediaproducts.gartner.com/re...tes/120510.html
I would like to pose this question to the list (just a bit off topic). =
In
your company do you, as the IDS admin/user, have complete control over =
what
IDS systems you test and ultimately choose to bring in house? I bring =
this
up because my group (we are responsible for IDS) may lose the product
ownership of the IDS systems and be forced to deal with an in-house
engineering group for upgrades and new equipment/products. This group =
could
potentially leverage reports such as this to bring in IDS vendors (see =
the
Leader section in the "Magic Quadrant")that fit the Gartner definition =
of a
good IDS (regardless of how they perform in the real world).
Thanks.
Darren
-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Yaakov =
Yehudi
Sent: Tuesday, June 29, 2004 10:49 PM
To: 'Guillaume Arcas'
Cc: 'snort-users'
Subject: RE: [Snort-users] Snort is a "niche player"
Yes, those would be the same ones! It's not the first time that I have
felt I needed to take one of their reports with a "pinch of salt" =
(sorry,
make that a cup!).
Regards, Ya'akov
-----Original Message-----
From: Guillaume Arcas [mailto:guillaume.arcas@free.fr]=20
Sent: Tuesday, June 29, 2004 20:05
To: Yaakov Yehudi
Cc: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Snort is a "niche player"
Yaakov Yehudi a dit :
> I see that Gartner Research are dismissing Snort as a "Niche Player"
> in their recent report "Magic Quadrant for Intrusion Detection=20
> Systems, 2H03".
> Has anybody else read this report?, and if so, what is your opinion?
Gartner... Gartner...
These same guys who said IDS were dead last year ? :-)
Guillaume Arcas
------------------------------------------------------------------------
L=E0-bas, vers le sud, la plaine s'ouvre, infinie, attirante... Puis le
d=E9sert, sa vie libre et errante et son bienfaisant silence. Isabelle
Eberhardt - Au pays des sables.
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training. Attend =
Black
Hat Briefings & Training, Las Vegas July 24-29 -=20
digital self defense, top technical experts, no vendor pitches,=20
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=3Dort-users
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
| |
| Bob Walder 2004-06-30, 3:06 am |
| Couldn't agree more - I do a presentation entitled "IDS is Dead?" (note
the question mark!) which cites various extracts from various Gartner
reports, including:
"Intrusion detection systems are a market failure, and vendors are now
hyping intrusion prevention systems, which have also stalled"
Richard Stiennon
Research Vice President, Gartner
June 2003
"IDSs have failed to provide value relative to its costs and will be
obsolete by 2005"
Gartner
June 2003
"The PC is dead - thin is in."
"By 2001 we will all have replaced our PCs with thin clients or
Network Computing devices."
Gartner
Circa 1998-99
That third one kills every time ;o)
I hate that they keep turning out crap like this, because they make
claims such as "IDS/IPS devices suffer from an inability to monitor
traffic at transmission rates greater than 600 megabits per second"
They base these ridiculous claims on.... Well, I am not sure what....
Hearsay? Finger in the wind? Who knows...
They CERTAINLY do not do any testing, nor do they speak to people like
us who DO do testing, since if they did, they would know that our latest
reports (www.nss.co.uk/ips and www.nss.co.uk/gigabitids) show several
devices that can go way beyond their mythical 600Mbps limit. We have
tried many times to get the likes of Gartner to work with us so they can
provide reports to their clients based on REAL testing, but they will
not have it.
As someone else on this thread said, to be taken with extremely large
amounts of sodium chloride...
Regards,
Bob Walder
Director
The NSS Group
[vbcol=seagreen]
http://promotions.yahoo.com/new_mail
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training. Attend
Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
| |
| Bob Walder 2004-06-30, 3:06 am |
| Sorry... Got distracted after the first sentence so couldn't make it all
the way through for laughing, but....
"IDS vendors that have not introduced blocking capabilities by the end
of 2004 will not be viable providers beyond the end of 2005 (0.9
probability).
The intrusion detection industry (IDS) industry is struggling to justify
inordinate investments in complicated, expensive technology that does
little to protect the enterprise. Because IDS has reached the peak of
its usefulness as a stand-alone technology, and intrusion prevention
system technologies are offering significant challenges to IDSs, this
will be the final IDS Magic Quadrant that Gartner presents."
;o)
Anyone else agree with me that these two technologies (IDS and IPS - and
let's not get into another argument about *what* IPS is, let's just
accept the marketeers term for this particular thread, eh?) will
continue to live side by side for some time to come?
The good news is, at least we don't have to put up with another banal
IDS Magic Quadrant.... ;o)
Regards,
Bob Walder
[vbcol=seagreen]
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
| |
| Paul Schmehl 2004-06-30, 5:48 pm |
| --On Wednesday, June 30, 2004 10:05:09 AM +0200 Bob Walder
<bwalder@spamcop.net> wrote:
>
> Anyone else agree with me that these two technologies (IDS and IPS - and
> let's not get into another argument about *what* IPS is, let's just
> accept the marketeers term for this particular thread, eh?) will
> continue to live side by side for some time to come?
>
Forget IPS. We're not having any problems blocking hosts using snort and
our own homegrown system of access control.
The problem with Gartner is that they're ivory tower, and snort is down
where the rubber meets the road. They can't see that far down.
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The university of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
|
|
|
|
|