z**r, posts: 17771 |

c*a, posts: 806 | 2
There are quite a few articles talking about network anomaly based IDS. Arbor
Networks SP product has been used by some customers, both enterprise and ISP,
as an IDS device based on NetFlow stats.
Others like Juniper ISG2000/1000 with IDP module.
Not sure if anyone here has access to BurtonGroup (tbg.com), they have some
interesting articles. Gartner analysis is superficial compared to Burton Group,

z**r, posts: 17771 | 3
I'll try to post another post to conclude the market analysis about IDS/IPS.
I'd like to try a summarization, and fortunately, I've found this,
IDS and IPS are solutions that enhance network security. They should be
implemented as an information infrastructure security level that immediately
follows the firewall. An IDS is a threat and security incident monitoring and
notification solution. An IPS takes additional measures to prevent attacks or
minimise their impact, or actively respond to a sec

z**r, posts: 17771 | 4
I am not an expert in the security industry, would like more input from folks here.
But I think DPI is much better than before. More and more companies start
providing hardware-based DPI, not just for security, that's for the
application networking.
Besides this, I also have concerns about the security rules. Years ago, ppl
don't need to worry about the traffic pattern as for security. However,
enterprises like an all-in-one box to manage all the access control within
enterprises, say, the p2p traff

c*a, posts: 806 | 5
I'm sure Zher will post,
but my understanding is that IDS is passive, alert only, and IPS is proactive
and will dynamically put filters on demand.