IDS mailing list archives
RE: IDS is dead, etc
From: Ron Gula <rgula () tenablesecurity com>
Date: Wed, 25 Jun 2003 08:56:00 -0400
On 6/19/03 6:52 PM, "Giles Coochey" <giles () coochey net> wrote:
>
> I would love to see a fingerprinting tool that identified the client
> and server Operating System / Application and reduced the priority of
> alerts for false positives when it is known that the system is not
> vulnerable. The alerts still flag, so we see the drive-by-shootings,
> but as their priority is reduced they are less significant.
>
> Anyone got any development ideas on this front?
The Lightning Console from Tenable Network Security does this. It uses distributed Nessus scanners to perform very fast vulnerability scans and takes feeds from Snort, Dragon and RealSecure. When an IDS event occurs, we check to see if the targeted system is vulnerable to the attack. If so, the IDS event is logged with a "vulnerable" flag and the owners of the targeted system are alerted. In the IDS analysis window, a user can make their 100000s of IDS events 'disappear', only leaving the ones that target a vulnerability, by clicking on the 'vulnerable' field.

Ron Gula, CTO
Tenable Network Security
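The correlation discussed in this exchange (flag IDS events whose target is known to be vulnerable, and lower the priority of the rest without discarding them), as an added example that is not part of the original messages and is not Tenable's code. The record fields, signature IDs, vulnerability IDs and the 1-to-5 priority scale are assumptions, and all data is constructed.

```python
from dataclasses import dataclass

# Constructed scan results: host -> vulnerability IDs the last scan found.
# The IDs are placeholders, not real advisory numbers.
SCAN_RESULTS = {
    "192.0.2.10": {"VULN-A"},
    "192.0.2.20": {"VULN-B", "VULN-C"},
}
# Constructed mapping: IDS signature ID -> vulnerabilities that attack needs.
SIG_TO_VULNS = {1001: {"VULN-A"}, 1002: {"VULN-B"}, 1003: set()}
LOWEST_PRIORITY = 5  # assumed scale: 1 = most urgent, 5 = least


@dataclass(frozen=True)
class Alert:
    sensor: str
    sig_id: int
    dst_ip: str
    priority: int


def correlate(alert, scans=SCAN_RESULTS, sig_map=SIG_TO_VULNS):
    """Return (verdict, adjusted_priority) for one IDS alert."""
    needed = sig_map.get(alert.sig_id)
    found = scans.get(alert.dst_ip)
    if found is None or not needed:
        # Unscanned host or unmapped signature: no evidence, so never downgrade.
        return "unknown", alert.priority
    if needed & found:
        return "vulnerable", 1
    # Scanned and not vulnerable: keep the alert but push it down the queue.
    return "not_vulnerable", min(alert.priority + 2, LOWEST_PRIORITY)


def triage(alerts):
    """Annotate every alert; nothing is dropped, only re-prioritised."""
    rows = [(a, *correlate(a)) for a in alerts]
    return sorted(rows, key=lambda r: r[2])


def vulnerable_only(alerts):
    """The 'vulnerable' filter: alerts aimed at a host with the matching flaw."""
    return [a for a, verdict, _ in triage(alerts) if verdict == "vulnerable"]


SAMPLE_ALERTS = [  # constructed events
    Alert("dragon", 1002, "192.0.2.10", 2),
    Alert("snort", 1001, "192.0.2.10", 2),
    Alert("realsecure", 1001, "192.0.2.99", 2),
    Alert("snort", 1003, "192.0.2.20", 3),
]
```

The "unknown" verdict matters in practice: a host that was never scanned, or a signature with no vulnerability mapping, gives no basis for lowering an alert's priority.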