IDS mailing list archives
Re: IPS comparison
From: Stefano Zanero <s.zanero () securenetwork it>
Date: Tue, 30 Aug 2005 00:01:01 +0200
Daniel Cid wrote:
This "anomaly" detection will only detect 0-day exploits for known vulnerabilities.
A zero-day exploit is a curious marketing thing. You suddenly redefine a difficult problem (catching zero-days) as a rather simpler problem (create signatures that actually describe the vulnerability, which is what any signature worth your licensing cost should do). So, presto!, you can rush up and put out some rather nice marketing material on it. Fact is, anomaly detection is so rare that it's almost unexistant in the commercial products, except for limited forms of "protocol anomaly detection" and for Arbor's peakflow technology. Best, Stefano Zanero --------------------------- Secure Network S.r.l. www.securenetwork.it ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Re: IPS Comparison Stefano Zanero (Aug 27)
- <Possible follow-ups>
- Re: IPS comparison Stefano Zanero (Aug 29)
- Re: IPS comparison Sanjay Rawat (Aug 30)
- Re: IPS comparison Stefano Zanero (Aug 30)
- Re: IPS comparison Sanjay Rawat (Aug 30)
- Re: IPS comparison Stefano Zanero (Aug 29)
- Re: IPS comparison Ron Gula (Aug 30)
- Re: IPS comparison Adam Powers (Aug 31)
- Re: IPS comparison Mike Poor (Aug 30)
- Re: IPS comparison Ron Gula (Aug 30)
- RE: IPS comparison Joseph Hamm (Aug 30)
- RE: IPS comparison Seek Knowledge (Aug 31)
- RE: IPS comparison Joseph Hamm (Aug 30)
- Message not available
- RE: IPS comparison Ron Gula (Aug 31)
- Message not available