Richard Bejtlich is one of the best sources of information and reasonable opinions about intrusion detection. He wrote a
very precise argument about why Detection is important even when you can use Prevention. I'll quote him here:
"traffic inspection is best used at boundaries between trusted systems. Enforcement systems make sense at boundaries between trusted and untrusted systems."
Very good!
No comments:
Post a Comment