IDS mailing list archives
Re: IDS vs Application Proxy Firewal
From: "alfredhuger () winterhope com" <alfredhuger () winterhope com>
Date: Fri, 24 Oct 2008 16:02:31 -0600
Arian,
Anyway, that said, the behavioral realm is begging to be explored more. I'm surprised none of the vendors have touched it. It seems so promising.
They have, the problem is in finding market applicability. This approach (and I expand this to behavioral protection in general) tends to be imprecise enough to require marriage to more direct methods like white listing and black listing. Simply put the false positive rates (when the technology is deployed in isolation) suck. Paying customers tend to have a pretty limited tolerance for that so the tech tends to get buried and becomes a victim of underemphasis. Hopefully the open source community will dig in and fix this for everyone else so they can profit on it.
ps -- unsure if this will make the list. Security Focus has randomly blocked me from some lists but not others, and I have been unable to get the SF list-server admins to respond to email about this for almost TWO YEARS now for some reason.
For a guy who is obviously quite intelligent I'm surprised you've not sorted this one out yet. Your posts are certainly well thought out and you clearly understand your space well. The gating factor for you ( or more precisely, your posts) is that you litter your posts with frenetic vitriol. In an otherwise fantastic post you make two cheap (albeit possibly true) shots at vendors in the app firewall/ids space and then follow up with a coup de grace at the site your posting through. All of this and your surprised your posts fail and the moderators ignore you? al ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- Re: IDS vs Application Proxy Firewal alfredhuger () winterhope com (Oct 24)
- Re: IDS vs Application Proxy Firewal Damiano Bolzoni (Oct 27)
- Re: IDS vs Application Proxy Firewal Omar Herrera (Oct 27)
- Re: IDS vs Application Proxy Firewal Stefano Zanero (Oct 28)
- Re: IDS vs Application Proxy Firewal Omar Herrera (Oct 28)
- Re: IDS vs Application Proxy Firewal Stefano Zanero (Oct 28)
- Re: IDS vs Application Proxy Firewal Ashish Kamra (Oct 29)
- Re: IDS vs Application Proxy Firewal Stefano Zanero (Oct 29)
- RE: IDS vs Application Proxy Firewal Kamra, Ashish (Oct 29)
- Re: IDS vs Application Proxy Firewal Stefano Zanero (Oct 29)
- Re: IDS vs Application Proxy Firewal Omar Herrera (Oct 27)
- Re: IDS vs Application Proxy Firewal Damiano Bolzoni (Oct 27)
- Re: IDS vs Application Proxy Firewal Damiano Bolzoni (Oct 28)