IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Intrushield vs. ISS once more...

From: Thomas Ptacek <tqbf () arbor net>
Date: Fri, 7 Jan 2005 13:42:51 -0500

On Jan 7, 2005, at 10:17 AM, Adam Powers wrote:
StealthWatch also provides a myriad of other “single flow” alarms that work in combination with “multi-flow” alarms (flows being either NetFlow-based or... 


Other examples include the StealthWatch OS fingerprinting alarms.


Interesting. Your capabilities asymptotically approach those of Snort.


As a side note, starting with StealthWatch 4.5 (May 2005) the first 128
bytes of payload in each direction of each flow will be captured and saved 
to disk for later retrieval and analysis (31 days by default, can be
extended indefinitely).
This is easier than maintaining the continuous trailing N packets of context for every concurrent flow on the network. 

---
Thomas H. Ptacek // Product Manager, Arbor Networks
(734) 327-0000


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: