SANS Digital Forensics and Incident Response Blog: Tag - IDS

Detection, Bandwidth, and Moore's Law

A Call to Arms for Intrusion Detection Software Innovation

For over a generation of professionals, Moore's Law has guided strategic planning related to computer hardware and software development. The security industry is no exception. However, there is a looming cataclysmic shift in the manifestation of this reality, one that requires the focus and attention of our vendors, lest our network analysis be left in the digital dust.

Network analysis is hard. Be it the real-time analysis expected of IPS devices, or the cached analysis which is badly needed but never provided by our vendors, our ability to detect hostility is constrained by four fundamental factors: what we look for, how we look for it, the amount of data we need to sift through to find it, and the computational power available to execute said detections. It is the interdependence of these last components that stands to most immediately and severely impact our ability to analyze network

...