intruSion Detection 223
making patches and antivirus somewhat useless as interactive blocker
defenses. All these trends make detection more important—but the
technology does have to actually work. It is not sucient to stamp the
word “heuristic” on the product. Bruce Schneier emphasizes detection
a great deal in his book Secrets and Lies, and indeed, I would go as far
as saying that the overall principle of detection, if it can be detec-
tion in the way of early warning, is something we cannot ignore in
security.
John Viega makes the valid point in his book e Myths of Security
about how it makes more economic sense for small- and medium-sized
enterprises to use the services of an MSP as opposed to deploying their
own in-house NIDS.
ere ...