Re: Crying wolf: False alarms hide attacks : Eight IDSs fail to impress during the monthlong test on a production network.

From: Andrew Plato (aplato@anitian.com)
Date: 06/27/02


Date: 27 Jun 2002 04:42:25 -0000
From: Andrew Plato <aplato@anitian.com>
To: focus-ids@securityfocus.com


In-Reply-To: <000201c21bdd$5843dcc0$4c01a8c0@MINE>

>Network World Fusion News has a comparison of 8 IDSs. This is an
>interesting read.
>
>http://www.nwfusion.com/techinsider/2002/0624security1.html

Great report.

Next time they should do RealSecure on one of my Win2k appliances. I have
RealSecure Sentry and Guard Appliances out at customer sites on Win2k that
have been running error free for months. (sorry for the shameless plug)

This also illustrates a dark side of IDSs that virtually no vendor will
bother to tell you. IDSs require a lot of tuning and tweaking before they
can become an integral part of your network. And there is always a certain
percentage of events that are false positives. The only way to get a feel
for this is to deploy and baseline those systems. Something they rarely
bother to mention in the documentation you get.

------------------------------------
Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation
http://www.anitian.com
------------------------------------
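The baselining step the post recommends (deploy the sensor, let it run, then look at which signatures fire and from where before trusting the alert stream) can be scripted. The following is an added example, not code from the original post, from Anitian, or from any IDS vendor discussed in the review. It assumes alert lines in a Snort-style "fast" format; the alert lines, hosts and signature IDs below are constructed for illustration, not captures from a real network.

```python
import re
from collections import Counter

# Constructed sample alerts in a Snort-style fast-alert layout (not real traffic).
# 10.0.0.5 plays a network management station that polls SNMP every minute,
# which is exactly the kind of steady, benign source that floods an untuned IDS.
SAMPLE_ALERTS = """\
06/01-02:15:01.123456 [**] [1:2003:1] SNMP public access [**] {UDP} 10.0.0.5:1025 -> 10.0.0.1:161
06/01-02:16:01.223456 [**] [1:2003:1] SNMP public access [**] {UDP} 10.0.0.5:1026 -> 10.0.0.2:161
06/01-02:17:01.323456 [**] [1:2003:1] SNMP public access [**] {UDP} 10.0.0.5:1027 -> 10.0.0.3:161
06/01-02:18:01.423456 [**] [1:2003:1] SNMP public access [**] {UDP} 10.0.0.5:1028 -> 10.0.0.1:161
06/01-02:19:01.523456 [**] [1:2003:1] SNMP public access [**] {UDP} 10.0.0.5:1029 -> 10.0.0.2:161
06/01-02:20:01.623456 [**] [1:2003:1] SNMP public access [**] {UDP} 10.0.0.5:1030 -> 10.0.0.3:161
06/01-03:00:10.000001 [**] [1:1000:1] ICMP PING [**] {ICMP} 10.0.1.10 -> 10.0.0.1
06/01-03:05:10.000002 [**] [1:1000:1] ICMP PING [**] {ICMP} 10.0.1.11 -> 10.0.0.1
06/01-03:10:10.000003 [**] [1:1000:1] ICMP PING [**] {ICMP} 10.0.1.12 -> 10.0.0.1
06/01-03:15:10.000004 [**] [1:1000:1] ICMP PING [**] {ICMP} 10.0.1.13 -> 10.0.0.1
06/01-04:30:00.000005 [**] [1:3000:1] WEB-ATTACKS /etc/passwd access [**] {TCP} 192.0.2.7:44321 -> 10.0.0.80:80
"""

# Captures generator id, signature id, revision, message, protocol, source, destination.
ALERT_RE = re.compile(
    r"\[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\] \{(\w+)\} (\S+) -> (\S+)"
)


def parse_alerts(text):
    """Parse fast-format alert lines into dicts; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        _gid, sid, _rev, msg, proto, src, dst = m.groups()
        alerts.append({
            "sid": int(sid),
            "msg": msg,
            "proto": proto,
            # Strip the port (if any) so that one host with many ephemeral ports counts once.
            "src": src.rsplit(":", 1)[0] if ":" in src else src,
            "dst": dst.rsplit(":", 1)[0] if ":" in dst else dst,
        })
    return alerts


def baseline(alerts):
    """Per-signature totals and the distribution of source hosts during the baseline window."""
    stats = {}
    for a in alerts:
        entry = stats.setdefault(a["sid"], {"msg": a["msg"], "count": 0, "sources": Counter()})
        entry["count"] += 1
        entry["sources"][a["src"]] += 1
    return stats


def tuning_candidates(stats, min_count=5, max_sources=2):
    """Signatures that fire often but from very few hosts.

    A high-volume signature driven by one or two sources is the classic false-positive
    shape (monitoring station, backup server, vulnerability scanner); these are the
    first candidates for a per-host suppression or a threshold, after a human confirms
    the sources really are benign.
    """
    return sorted(
        sid for sid, s in stats.items()
        if s["count"] >= min_count and len(s["sources"]) <= max_sources
    )


def exceeds_baseline(baseline_counts, today_counts, factor=3):
    """Signatures whose volume today is more than `factor` times their baseline rate.

    Once the steady-state rate per signature is known, a sudden jump is the signal
    worth an analyst's time, rather than the raw alert count.
    """
    flagged = []
    for sid, today in today_counts.items():
        expected = max(baseline_counts.get(sid, 0), 1)
        if today > factor * expected:
            flagged.append(sid)
    return sorted(flagged)


if __name__ == "__main__":
    stats = baseline(parse_alerts(SAMPLE_ALERTS))
    for sid in tuning_candidates(stats):
        s = stats[sid]
        print(f"sid {sid} ({s['msg']}): {s['count']} alerts from {dict(s['sources'])}")
```

Run against the constructed sample, the SNMP signature is reported as a tuning candidate because all six alerts come from the single management host, while the four pings from four different hosts and the one web-attack alert are left alone. The `exceeds_baseline` helper is the second half of the same idea: keep yesterday's per-signature counts as the baseline and flag only signatures that suddenly fire several times their normal rate.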