Friday, March 17, 2006

Why I don't like IPS

Someone asked me some days ago why I don't like IPSes. It's another device in the traffic path, subject to its own vulnerabilities and failures (see a recent vulnerability report for the TippingPoint IPS). I think that's too much risk for too few benefits, specially if you have a good vulnerability management process and a properly managed firewall.

I still think it can be a good tool for companies that are common targets to Script Kiddies and that have lots of published services available, as it is easier for them to let something wrong pass through its process and defenses. But, IMHO, for most cases, just waste of resources.

No comments:

Post a Comment