Snort mailing list archives
Re: NSS Labs : CheckPoint 97.3% recommended profile hoax ?
From: Seth Hall <seth () remor com>
Date: Tue, 10 May 2011 10:34:20 -0400
Hi Martin!

On May 10, 2011, at 9:47 AM, Martin Holste wrote:

> So my question to you is this: what is NSS doing in its testing batteries to evaluate how well products are finding malware check-ins and/or data exfiltration versus exploitation?
Thanks for asking this question. I was just about to ask a very similar question. For teams practicing large scale intrusion detection, the commonality seems to be that they don't care about exploits and want to find all of the existing compromises because they're always out there, they just haven't found them yet, right? :)

I think the problem here may be that NSSLabs only tests "intrusion prevention" products where the focus seems so heavily oriented toward catching the exploits, whereas intrusion detection systems get to be a little freer to just detect weirdness in addition to trying to detect the exploits. Testing products that catch compromised hosts is probably insanely difficult though. I can think of a rather large number of intrusions that I've caught that were only caught by creatively watching the network, and I'm sure I'm not the only one on this list that can think of compromises they've caught similarly.

Anyway Rick, +1 for Martin's question. I'd love to hear as well. :)

  .Seth