<br><br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Again, small improvements are better than none.<br></blockquote>
<div><br>This argument is NOT correct when the so-called "improvements" steal time and money from an Enterprise. Going through IDS logs, configuring NIDS etc. are time- and money-consuming tasks that deliver little in return. There are actually far more rewarding things your IT security personnel could do rather than sifting through immense amounts of pointless IDS logs. How about auditing your webapps and third-party applications? Checking and deploying critical security fixes for the high-risk environments, etc. etc.<br>
<br>This has been stated several times before but it won't hurt to say it again. Defending protocol parsers by writing more protocol parsers on top was the dumbest infosec idea ever conceived. And it amazes me that people making a living out of this are still trying to defend it with more pointless than ever arguments. You lost the game; it's time to change the game plan or to shut up. Let your sales drone do the evangelism. We are in 2008 and the art of hacking, REing, exploitation has evolved far beyond your capabilities. Evolve or *die, simple as that ...<br>
<br>-olef<br><br></div></div>* I have always understood and agreed to the concept of companies making business on selling crap and people making a living on doing shit. I see that it is a necessary concept to keep the market economy going but I wouldn't take it as far as to defend it. <br>
<br>