As I understand IPS/IDS, it database of know threat (like http sql Injection), the move to encrypt and strict firewall rules. My question is IPS/IDS for industrial a feel good product, that can't give you a false feeling security? When most threats happens on accepting services, that are encrypted, and very few attacks happen, and few get reported. For DDoS a good setup of firewall (rate limits etc) , can do the same.
Ref: * https://www.controldesign.com/articles/2020/the-truth-about-industrial-network-cybersecurity/ * https://www.juniper.net/us/en/research-topics/what-is-ids-ips.html * https://threatlabs.juniper.net/signatures/search/#/list/ips
No comments:
Post a Comment