Comments on: Discussion on LinkedIn Group: What is the best IDS system? http://blog.ismaelvalenzuela.com/2008/10/13/discussion-on-linkedin-group-what-is-the-best-ids-system/ on ismaelvalenzuela.com Tue, 26 Jan 2010 17:57:24 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Antonio Maña http://blog.ismaelvalenzuela.com/2008/10/13/discussion-on-linkedin-group-what-is-the-best-ids-system/comment-page-1/#comment-1590 Antonio Maña Tue, 06 Jan 2009 12:02:52 +0000 http://blog.ismaelvalenzuela.com/?p=58#comment-1590 Interesting post. Actually, I tend to coincide with both views. On the one hand I believe that IDSs as they are today are obsolete and will not be useful to cope with the needs of the next wave of highly distributed systems. On the other hand, I also believe that the concept will always be valid, as we must assume that we can not build perfectly secure systems. But the new IDSs will have to evolve a lot in order to adapt to the future computing models. In particular, I believe that the way to go is to create micro-IDSs. These IDSs (call them transparency and monitoring capabilities if you want) will have to be integrated in every security-relevant component of the system and they will have to interoperate with the IDSs of other components. The reason for this approach is to maintain the right degree of trust in every component. Transparency in this context means that components expose some of the monitoring results to the rest of the system. In this way an application based for instance on web services can establish a general IDS based on the components' exposed information. Best regards and btw happy 2009 to all, Antonio. Interesting post. Actually, I tend to coincide with both views.
On the one hand I believe that IDSs as they are today are obsolete and will not be useful to cope with the needs of the next wave of highly distributed systems.
On the other hand, I also believe that the concept will always be valid, as we must assume that we can not build perfectly secure systems. But the new IDSs will have to evolve a lot in order to adapt to the future computing models. In particular, I believe that the way to go is to create micro-IDSs. These IDSs (call them transparency and monitoring capabilities if you want) will have to be integrated in every security-relevant component of the system and they will have to interoperate with the IDSs of other components. The reason for this approach is to maintain the right degree of trust in every component. Transparency in this context means that components expose some of the monitoring results to the rest of the system. In this way an application based for instance on web services can establish a general IDS based on the components’ exposed information.

Best regards and btw happy 2009 to all,
Antonio.

]]> By: Martijn van Halen http://blog.ismaelvalenzuela.com/2008/10/13/discussion-on-linkedin-group-what-is-the-best-ids-system/comment-page-1/#comment-1241 Martijn van Halen Tue, 25 Nov 2008 22:17:53 +0000 http://blog.ismaelvalenzuela.com/?p=58#comment-1241 Nice post Ismael. In my area, online Credit Card payments IDS can be obligated by a security auditor. Some say you will need it some say host based intrusion dection is enough. I believe that if you use it, you should watch it 24/7 365. Otherwise it's a waste of money/time. In that aspect I would suggest a MSSP like BT INS with the http://bt.counterpane.com/ Counterpane solution. Or having your own team of tech support watching. But they need to be trained properly. Nice post Ismael. In my area, online Credit Card payments IDS can be obligated by a security auditor. Some say you will need it some say host based intrusion dection is enough.
I believe that if you use it, you should watch it 24/7 365. Otherwise it’s a waste of money/time. In that aspect I would suggest a MSSP like BT INS with the http://bt.counterpane.com/ Counterpane solution. Or having your own team of tech support watching. But they need to be trained properly.

]]> By: Ismael Valenzuela http://blog.ismaelvalenzuela.com/2008/10/13/discussion-on-linkedin-group-what-is-the-best-ids-system/comment-page-1/#comment-404 Ismael Valenzuela Tue, 14 Oct 2008 19:51:08 +0000 http://blog.ismaelvalenzuela.com/?p=58#comment-404 Thanks for your comment Sam. Thanks for your comment Sam.

]]> By: Sam Van Ryder http://blog.ismaelvalenzuela.com/2008/10/13/discussion-on-linkedin-group-what-is-the-best-ids-system/comment-page-1/#comment-403 Sam Van Ryder Tue, 14 Oct 2008 18:29:51 +0000 http://blog.ismaelvalenzuela.com/?p=58#comment-403 You are absolutely right. And this "IDS is dead" argument is actually what has been obsolete for the past few years. If it weren't the case, we wouldn't be seeing the growth we are (in my case, an IDS/VA solution provider). It all comes down to what you already describe - the customer's needs. You are absolutely right. And this “IDS is dead” argument is actually what has been obsolete for the past few years. If it weren’t the case, we wouldn’t be seeing the growth we are (in my case, an IDS/VA solution provider). It all comes down to what you already describe – the customer’s needs.

]]>