IDS mailing list archives
CVE selection for IDS/IPS signature rules
From: "Ravi Chunduru" <ravi.is.chunduru () gmail com>
Date: Wed, 28 May 2008 22:32:35 -0700
Hi,

There are over 30000 CVE vulnerability reports. Many IDS/IPS devices have around 4000-5000 signature rules. My guess is that these signatures may cover (detect) around 4000-7000 attacks. 23000 to 26000 CVEs, that is, a significant number of CVEs, are not covered by IDS/IPS devices.

I am guessing that there is a reason for this. IDS/IPS vendors may be selecting few CVEs for developing signatures. What are the selection criteria followed in industry?

One criterion I know is that network IDS/IPS devices don't need to worry about attacks that can only be mounted on the local machine; that is, NIDS/NIPS devices only need to worry about detection of attacks mounted remotely. Are there any other considerations?

Thanks
Ravi