Do you remember when IDS was dead, and supposed to be replaced by "thought-leading firewalls" by 2005?
Well, that prediction died pretty quickly. However, I expect to hear it again after reading "DIB cybersecurity pilot has stopped 'hundreds' of intrusions, says Lynn":
About 20 companies participate in the Defense Department's 90-day pilot for an active network defense capability for the defense industrial base analogous to the Homeland Security Department's Einstein 3 effort, said Deputy Defense Secretary William Lynn.
During an address to the 2011 DISA Customer and Industry Forum in Baltimore, Md., Lynn said the sharing of malicious code signatures gathered through intelligence efforts to pilot participants has already stopped "hundreds of intrusions."
Lynn also laid blame for intrusions into military and defense industrial base networks on "foreign intelligence services," stating that they have stolen military plans, weapons system designs, source code and other intellectual property.
"This kind of cyber exploitation does not have the dramatic impact of a conventional military attack," Lynn said. "But over the long term, it has a deeply corrosive effect. It blunts our edge in military technology and saps our competitiveness in the global economy."
Foreign intruders have extracted terabytes of data from defense companies, he added.
This sort of story is likely to lead to the same arguments I heard eight years ago regarding "Intrusion Detection Systems" vs "Intrusion Prevention Systems," namely:
If you can detect it, why can't you prevent it?
This is a broad topic, so rather than try to answer everything here and now, I'll likely work on it over the coming weeks in individual posts.