Gary Crumrine writes:
>Well thank you Mr. Ranum, another world according to Marcus speech.

Ok, first off let me publicly apologize for the tone of my mail. :( Please chalk it up to stress and general lack of sleep, and forgive me if you can. I definitely came off as too dogmatic. Sorry!

>The bottom line here is that there are a lot of tools out there, that are
>used by professionals to provide them with information they perceive as
>being important to them, or their management.

That's the important question I am trying to get people to think about. First off, I don't agree that most of the people deploying security tools these days are professionals who have the background to use them adequately. This, I am painfully aware of, as someone who runs a company that has built an amazingly powerful tool that assumes expertise -- when expertise is in short supply...

I built a lot of firewalls, and I've seen a lot of firewalls installed every which way but backwards. The reason I am going out on a limb here is to try to get folks to build the right things into their IDS' early on! Before it's too late! If I could go back in time, I'd'a built firewalls that had "policy writing wizards" that you could walk through and which would not only configure the firewall but give you a hardcopy risk assessment of the policy you built. Templates, too. We need the same kind of stuff for IDS. Or they will also be complicated, obscure products that get installed and ignored and finally unplugged.

I'd hope that the fact that I am saying this in a public forum, effectively giving advice to potential competitors, will serve as proof of my earnest or foolishness or both.

> Unfortunately, IDS systems seem to be the hot ticket these days. Forensic
>tools are not, and will not be in my opinion until the legal system has had
>more time to establish legal precedence. Business owners looking for tools
>these days are going to ask one very important question. What value is
>added with an IDS versus NFR.

You clearly misunderstood my posting to be an attack on competing products. I guess I completely failed to get my point across. :( :( I suspect it's partly because you may have missed the point of what we've built at NFR -- it's a general purpose tool you could use for forensics, or you could build a "network grep" MD-IDS with it.

I'm not saying that my software or any of the other players in the IDS market are lame -- I'm saying that I don't think that in their current form they solve a useful problem, but they're so darned close only a few of us realize it. The same MD-IDS which is useless outside a firewall is worth its weight in gold back in your data center watching your mainframe!!

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:50 PDT