IDS mailing list archives
RE: Definition of Zero Day Protection
From: "Drew Simonis" <simonis () myself com>
Date: Mon, 09 Aug 2004 18:42:16 -0500
----- Original Message -----
From: "Teicher, Mark (Mark)"
Date: Mon, 9 Aug 2004 13:14:45 -0600
To: "Drew Simonis"
Subject: RE: Definition of Zero Day Protection
Drew, what host-based products would fit this category based on the definition?
I know that Cisco tries to position their "Cisco Security Agent" product in the 0 day blocking space, as it uses behavior blocking. I've also seen Symantec Manhunt (NIDS, but...) claiming to offer 0 day detection based on protocol detection. I don't think Symantec Host IDS offers that sort of behavior blocking yet, but it does support whitelisting to restrict application execution, which would offer some 0 day protection. I am not familiar with other offerings.
Do they really work?
As mentioned, do we consider them working if, at 100% malicious detection, they lump in 20% non-malicious false positives? (Of course, I am making these numbers up.) I think, until the FP rate is reduced drastically, this sort of blocking technology (including IPS) is more marketing than mainstream. I don't trust the products to do what they say, and only what they say.

-Ds
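An added worked example, not part of the post above, that puts the poster's made-up figures (100% detection, 20% false-positive rate) through Bayes' rule to show why a 20% FP rate is worse than it sounds for a blocking device: the base rates and the one-million-events-per-day volume are assumptions chosen for illustration.

```python
# The poster's made-up figures: 100% of malicious events caught,
# 20% of non-malicious events flagged.
TPR = 1.0   # true-positive rate (fraction of malicious events detected)
FPR = 0.2   # false-positive rate (fraction of benign events flagged)


def alert_precision(tpr: float, fpr: float, base_rate: float) -> float:
    """Fraction of alerts (or blocks) that are actually malicious.

    base_rate is the fraction of all observed events that are malicious.
    Bayes' rule: P(malicious | alert) = tpr*p / (tpr*p + fpr*(1-p)).
    """
    hits = tpr * base_rate
    false_alarms = fpr * (1.0 - base_rate)
    return hits / (hits + false_alarms)


def blocked_benign_events(fpr: float, benign_volume: int) -> int:
    """Expected number of legitimate events an IPS would block per period."""
    return round(fpr * benign_volume)


def max_fpr_for_precision(tpr: float, base_rate: float, target: float) -> float:
    """Largest false-positive rate that still yields the target precision.

    Solves tpr*p / (tpr*p + fpr*(1-p)) = target for fpr, i.e. how far the
    FP rate must fall before most blocks hit genuinely malicious traffic.
    """
    return tpr * base_rate * (1.0 - target) / (target * (1.0 - base_rate))


if __name__ == "__main__":
    # Assumed base rates: fraction of events on the wire that are malicious.
    for p in (0.5, 0.1, 0.01, 0.001):
        print(f"base rate {p:>6.3f}: precision {alert_precision(TPR, FPR, p):.3f}, "
              f"FPR needed for 90% precision {max_fpr_for_precision(TPR, p, 0.9):.5f}")
    # Assumed volume: one million benign events per day through the sensor.
    print("benign events blocked per day:", blocked_benign_events(FPR, 1_000_000))
```

At a 1% base rate the 20% FPR gives under 5% precision, so roughly 19 of every 20 blocks stop legitimate traffic; reaching 90% precision there needs an FPR around 0.1%.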