Wait a minute, I thought automation was supposed to involve some measure of intelligence, kinda by definition?
Oh, but it’s a specialized form of automation.
First we have to go way, way back. Back to the days of random security technologies, when you had all kinds of different security technologies. And they all had to be managed. Seperately.
And then, oh joy, someone (either Marcus Ranum or Steve Bellovin, take your pick) invented firewalls! And we wouldn’t have to manage security anymore! And there was rejoicing!
Until we figured out that we were going to have to manage the firewalls.
And then someone invented Intrusion Detection Systems! And there was rejoicing!
Until we figured out that we were going to have to manage the IDS.
And then some marketing department invented IPS. And by this time, becoming jaded, we were asking questions. Like, what’s the difference between IDS and IPS. (Oh, really? An IPS prevents a packet getting through, rather than just detecting it? Then what’s the difference between an IPS and a firewall? Oh, really? An IPS is more intelligent? How so? Well, depends on which marketing department you ask. That’s what you get for using terms invented by marketing departments …)
But that “intelligent” business seems to have had a bit of magic in it. We’ve always had network monitoring, of one sort or another. For a long time we’ve had tools to help us sort through our logs (after all, even IDS is only a form of real-time log analysis). And people have been trying to sell us all “management” systems, to help with the work of, well, managing all the security bits and pieces. So why not get a log analysis package, bolt on a few other items (maybe virus scanning or something), and call the whole thing “intelligent”!
Hey, presto! A new marketing term!