Re: Useful NADS

["Albert R. Campa" <abcampa () gmail com>]

ISS has an ADS device.
Enterasys has ADS technology in their SIM Dragon. (brings in flow information)



On Sat, May 17, 2008 at 9:05 AM, Stefano Zanero <zanero () elet polimi it> wrote:
> Andrew Plato wrote:
> > Honestly, I have never found "network anomaly detection (NADS)" to be a
> > tremendously valuable technology for most organizations.
>
> Perhaps this is because no anomaly detectors exist in the commercial world
> with just a few exceptions (Lancope and Arbor being the two that come to
> mind) ?
>
> > in the hundreds
> >
> > of networks I have seen, very few of them are very clean. Most of them
> > are filthy with a constant onslaught of "anomalies.'
>
> A good anomaly detector should filter out those "anomalies", which by the
> sheer fact of being always there are extremely normal ;)
>
> > One thing I have learned in my travels installing IPS/IDS for 6+ years
> > now is that 95% of the admins out there pay very little attention to the
> > deluge of data that comes from IPS/IDS technologies.
>
> Then may I suggest that probably those technologies were either
> misconfigured or installed at the wrong sites ?
>
> Stefano
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from CORE
> IMPACT.
> Go to
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------