2. plenty of malware and c2 systems happily operate off all systems, regardless of how hardened (or how unix) they are - IDS/IPS is a reactive way to try and mitigate this
3. you don't need third party software to compromise the unix kernel, you just need to wait a week or two until someone finds a bug in the kernel itself
all that being said, this has solarwinds vibes. the push for these enterprise IDS systems needs to be weighted, the approach adjusted