Subject: Re: Host IDS
From: Elias Levy (aleph1SECURITYFOCUS.COM)
Date: Tue Oct 31 2000 - 13:59:34 CST


* Gene Kim (genekTRIPWIRE.COM) [001031 17:50]:
>
> My question: Is there a danger in stepping out of the high-sizzle area of
> "intrusion detection"? We all think it sounds so sexy. :-) (Note AIDE
> stands for "advanced intrusion detection environment"... And the original
> Tripwire papers did say that Tripwire was originally designed for "intrusion
> detection")

Certainly. That is why everyone is trying to sell their product as an
IDS, whether it fits that category or not. Trying to educate users about
a new category of products is not easy. It's simpler for the marketing
department to sell their product under some category the user already
understands.

For example, Memco's SeOS (now CA's) is a system call level access control
program. Joe IT may not know what that means but he has heard of IDSes.
ClickNet's Entercept is based on the same idea, but since selling
syscall access control by itself is no easy task, they've added signatures
to the product and can now sell it as an IDS.

As a side note, while reading the Entercept web page I came across this
line: "Eliminates the need for dedicated security expertise". I worry
about any product that claims it eliminates the need for a knowledgeable
security staff.

P.S. Trim your quotes.

> Cheers,
> Gene
> CTO, Tripwire, Inc.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum