Some time back when I was testing the Cisco IDS system at a Cisco Offshore Development center, I often felt like we are in an era of ‘converged solutions’ but often the elements are not converged at all.
A distributed Intrusion Detection/Prevention System should be able to manage itself to a larger extent on the operational side and should leverage the functionality of assessments to the Network Security Auditor.
The article is a mix of ideas I brooded over and published at SecurityDocs.
