Thread: 24/7 managed ids system

    Mar 2003
    ISS also provides a managed service for this both directly as well as through resellers. I would guess they have broad geographical coverage and high quality of service though we do not use them. It sounds like your client has a healthy budget and may be interested in top-tier service.


    I would be interested to hear the results of your search and what interesting lessons came to light about this area as I am going to be looking into the same issue soon.

    Good Luck!

    Aug 2002
    I have been researching SecureWorks a little myself. They do 24/7 managed IPS as opposed to IDS. They claim to have pioneered IPS. Here is a quote from their site:

    Process: The SecureWorks method of encoding attack signatures is unique, and the process is patent-pending. Our approach dramatically reduces false-positive alerts, allows legitimate network traffic to flow unabated, and launches very specific countermeasures against very specific exploits rather than deploying broad or poorly defined attack signatures.
    Rather than simply monitoring and alerting when an intrusion is detected, their IPS allows you to specify countermeasures like blocking specific IP addresses or ports. It does this automatically and proactively rather than waiting for the admin to receive an alert and manually implement mitigation.

    It seems interesting and I am trying to gather more info and see if IPS is all it's cracked up to be or if it's just a nice buzzword for IDS on steroids.

    Oct 2001
    Tony - In my opinion IPS is the same thing as IDS... And there are other companies, and have been other companies in the past, that provide this type of service. Pilot Network Services was a company that a good friend of mine worked for. They went out of business because of poor management, but they had a system that was an IDS as well as what this company is calling an IPS, in that if the IDS saw that there were x number of alarms coming in from a specific IP, it would send the appropriate commands to the firewall router to block that IP.

    I recently worked on a job where we used ISS and NetIQ to accomplish the same thing. Not really groundbreaking, but a good way to do things.
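
The threshold blocking described in the last post (x alarms from one IP leads to a firewall block), sketched as an added example that is not part of the thread and not any vendor's code. The threshold, time window, never-block list and sample alarms are assumptions constructed for illustration; the never-block list is there because automatic blocking keyed on source IP can otherwise cut off hosts the network depends on.

```python
from collections import defaultdict, deque

# Assumed values for illustration; the post only says "x number of alarms".
THRESHOLD = 5               # alarms from one source before a block is requested
WINDOW_SECONDS = 60         # alarms must fall inside this sliding window
NEVER_BLOCK = {"10.0.0.1"}  # hypothetical allowlist (gateway, DNS, monitoring)

class AlarmCorrelator:
    """Counts IDS alarms per source IP and decides when to request a block."""

    def __init__(self, threshold=THRESHOLD, window=WINDOW_SECONDS,
                 never_block=NEVER_BLOCK):
        self.threshold = threshold
        self.window = window
        self.never_block = set(never_block)
        self.recent = defaultdict(deque)  # src_ip -> timestamps of recent alarms
        self.blocked = set()

    def observe(self, ts, src_ip):
        """Record one alarm; return True if it triggers a new block."""
        if src_ip in self.blocked or src_ip in self.never_block:
            return False
        q = self.recent[src_ip]
        q.append(ts)
        while q and ts - q[0] > self.window:  # drop alarms older than the window
            q.popleft()
        if len(q) >= self.threshold:
            self.blocked.add(src_ip)
            del self.recent[src_ip]
            return True
        return False

def run(alarms, **kwargs):
    """Feed (timestamp, src_ip) alarms in order; return the block decisions."""
    correlator = AlarmCorrelator(**kwargs)
    return [(ts, ip) for ts, ip in alarms if correlator.observe(ts, ip)]

# Constructed sample alarms (seconds, documentation-range addresses).
SAMPLE_ALARMS = (
    [(t, "203.0.113.7") for t in (0, 5, 9, 14, 20)]            # burst: 5 in 20 s
    + [(t, "198.51.100.4") for t in (0, 100, 200, 300, 400)]   # slow: never 5 in 60 s
    + [(t, "10.0.0.1") for t in range(30, 40)]                 # allowlisted source
)

if __name__ == "__main__":
    for ts, ip in run(sorted(SAMPLE_ALARMS)):
        print(f"t={ts}s block {ip}")  # a real system would push a firewall rule here
```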

