IDS mailing list archives
Re: Are sophisticated attacks just FUD?
From: "Anton A. Chuvakin" <anton () chuvakin org>
Date: Wed, 7 Jul 2004 02:28:17 -0400 (EDT)
Sam and all,
I had a big discussion with my boss who claims most of the IPS, SIM and other new tools are just a hype protecting from sophisticated threats, which only exist in labs.
Here is another, scarier side of this discussion. You sit in the field, and your boss has a horrible suspicion that vendors out there are trying to sell their wares based on the "lab threats" that are "too sophisticated" for the real world. Some of us sit on the other side, in vendor labs, and sometimes (admittedly rarely!) _some_ folks think that _some_ of the products sold in the market will only protect you from basic threats that are "too simple" for the real world... For example, if you talk to NIPS vendors in detail, you'd learn that live inline blocking will only happen to protect you from _reliably identified_ threats. The latter definition often maps to simple and well-known threats. As far as the sophisticated stuff goes, you might get an alert or two - and then its up to your monitoring capability rather than a firewall/NIPS preventive capability. Best, -- Anton A. Chuvakin, Ph.D., GCIA, GCIH http://www.info-secure.org http://www.securitywarrior.com -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Re: Are sophisticated attacks just FUD? Drew Simonis (Jun 30)
- <Possible follow-ups>
- Re: Are sophisticated attacks just FUD? Brian Lund (Jun 30)
- RE: Are sophisticated attacks just FUD? Keith T. Morgan (Jun 30)
- RE: Are sophisticated attacks just FUD? Angel Rivera (Jun 30)
- RE: Are sophisticated attacks just FUD? drbitbucket (Jul 01)
- RE: Are sophisticated attacks just FUD? Steve Hall (Jul 01)
- RE: Are sophisticated attacks just FUD? Joshua Berry (Jul 01)
- RE: Are sophisticated attacks just FUD? Chuck Herrin (Jul 04)
- RE: Are sophisticated attacks just FUD? Rob Shein (Jul 01)
- RE: Are sophisticated attacks just FUD? Runion Mark A FGA DOIM WEBMASTER(ctr) (Jul 04)
- Re: Are sophisticated attacks just FUD? Anton A. Chuvakin (Jul 09)