Re: Comparing the performance of two IDS products with different architectures

From: Veselin Mijuskovic (panzer@etf.bg.ac.yu)
Date: 10/15/01


Date: Mon, 15 Oct 2001 14:24:04 +0200
From: Veselin Mijuskovic <panzer@etf.bg.ac.yu>
To: iheagwarac@aol.com
Subject: Re: Comparing the performance of two IDS products with different architectures
Message-ID: <20011015142404.C32715@etf.bg.ac.yu>

iheagwarac@aol.com [Sat, Oct 13, 2001 at 04:53:14PM -0400, Comparing the performance of two IDS products with different architectures]:
>
> Does anyone know if there is justification to compare the performance of IDS
> products with pattern-matching technique with those IDS products that use
> the state-based (protocol analysis) technique in the same network environments?
>
        The sole purpose of an Intrusion Detection System is to detect intrusions
into the system it is protecting. Therefore, there is a strong justification to
compare the performance of different types of IDS products, because the performance
of those products is one of the basic reasons for their deployment in the first place.
That is, you don't need an IDS that fails to detect intrusions, now, do you?
Of course, IDS performance is not the sole argument when choosing the right
product - there's scalability, availability and the total cost of the system
relative to the price of the system this IDS protects, just to mention some of them.

Cheers,

-- 
 | \|/ Panzer (a.k.a Veselin Mijuskovic), Unix SysAdmin 
/|\ |  Computer Centre, School of Electrical Engineering, University of Belgrade
-------------------------------------------------------------------------------
       Unix is very friendly, it's just picky about who its friends are


