IDS mailing list archives

Re: IDS detection approaches


From: p1g <killfactory () gmail com>
Date: Sun, 14 Oct 2007 20:24:08 -0400

What do you think is the most probable approach that will complement
the signature based approach in the recent future?

There are a lot of options for complementing signature-based.

There are programs that will correlate IDS events with system event logs.

There is Behavioural Analysis. Mazu, IBM consult, Enterasys all do this.

Combined with NetFlow analysis.

With all this information you need a Security Information Manager to
massage this data into some useful information. Something that you can
act upon.


I use Enterasys' Dragon Security Command Console (SIM).
I combine this with their Dragon IDS (signature-based) and behavioural sensor.

This allows me to correlate Win32 event logs, webserver logs, DB logs,
NetFlow feeds, IDS events, AV alerts, firewall logs, VPN logs, etc.

DSCC also allows me to combine vulnerability information on all of my assets.
This information can be used to help triage offenses.

The DSCC will manage Nessus and Nmap remotely.

It is a lot of work to set up and configure an accurate SIM.


But it is a great exercise in getting to know your environment.  :)



On 10/4/07, snort user <snort.user () gmail com> wrote:
Greetings.

I have a general IDS related query: what are the current trends in
intrusion detection methods?

Signature-based seems to be the most commonly used approach. There are
also a lot of products that implement protocol decoding/analysis to
assist the signature-based approach.
There are a few rate-based and anomaly-based products too.

What do you think is the most probable approach that will complement
the signature based approach in the recent future?

Thanks for the reply!

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------




-- 
-p1g
SnortCP
  ,,__
o"     )~  oink oink
   ' ' ' '

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
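The event correlation p1g describes above (IDS alerts joined with firewall logs and per-asset vulnerability data so offenses can be triaged by real exposure) sketched as an added Python example. This is not Dragon or DSCC code; every host, vulnerability id and log format in it is constructed for the illustration.

```python
# Toy SIM-style correlation: join IDS alerts with asset vulnerability data and
# firewall logs so offenses can be triaged by actual exposure. Every host,
# vulnerability id and log format below is constructed for this example.
import re
from collections import namedtuple

# Constructed asset inventory: host -> open vulnerability ids (from a scanner)
ASSET_VULNS = {"10.0.0.5": {"VULN-EXAMPLE-1", "VULN-EXAMPLE-2"}, "10.0.0.9": set()}

# Constructed firewall log: "<action> <src> <dst> <dport>"
FIREWALL_LOG = """\
ALLOW 192.0.2.10 10.0.0.5 80
DENY 192.0.2.10 10.0.0.9 445
ALLOW 192.0.2.20 10.0.0.9 22
"""

# Constructed IDS alerts: "sig=<id> vuln=<id> src=<ip> dst=<ip> dport=<n>"
IDS_ALERTS = """\
sig=1001 vuln=VULN-EXAMPLE-1 src=192.0.2.10 dst=10.0.0.5 dport=80
sig=1002 vuln=VULN-EXAMPLE-3 src=192.0.2.10 dst=10.0.0.9 dport=445
sig=1003 vuln=VULN-EXAMPLE-4 src=192.0.2.20 dst=10.0.0.9 dport=22
"""

ALERT_RE = re.compile(r"sig=(\S+) vuln=(\S+) src=(\S+) dst=(\S+) dport=(\d+)")
# priority: 0 = blocked at the firewall (noise), 1 = allowed but target not
# exposed (review), 2 = allowed and target carries the targeted vuln (urgent)
Offense = namedtuple("Offense", "sig src dst allowed vulnerable priority")


def allowed_flows(fw_log):
    """Return the set of (src, dst, dport) the firewall permitted."""
    flows = set()
    for line in fw_log.splitlines():
        action, src, dst, dport = line.split()
        if action == "ALLOW":
            flows.add((src, dst, int(dport)))
    return flows


def triage(ids_alerts, fw_log, asset_vulns):
    """Correlate each IDS alert with firewall and vuln data; most urgent first."""
    flows = allowed_flows(fw_log)
    offenses = []
    for m in ALERT_RE.finditer(ids_alerts):
        sig, vuln, src, dst, dport = m.groups()
        allowed = (src, dst, int(dport)) in flows
        vulnerable = vuln in asset_vulns.get(dst, set())
        priority = 0 if not allowed else (2 if vulnerable else 1)
        offenses.append(Offense(sig, src, dst, allowed, vulnerable, priority))
    return sorted(offenses, key=lambda o: o.priority, reverse=True)
```

Running `triage(IDS_ALERTS, FIREWALL_LOG, ASSET_VULNS)` ranks the alert against the exposed host first and pushes the firewall-blocked one to the bottom, which is the triage p1g gets from feeding vulnerability data into the SIM.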


