Incomplete Thought: In-Line Security Devices & the Fallacies Of Block Mode
Namely, hundreds of detailed discussions (read: lots of booze and whining) over the last 5 years have resulted in the following:
Most in-line security appliances (excluding firewalls) with the ability to actively dispose of traffic — services such as IPS, WAF, Anti-malware — are deployed in “monitor” or “learning” mode and are rarely, if ever, enabled with automated blocking. In essence, they are deployed as detective versus preventative security services.
I have many reasons compiled for this.
I am interested in hearing whether you agree/disagree and your reasons for such.