RE: Definition of Zero Day Protection

From: Joshua Berry (jberry_at_PENSON.COM)
Date: 08/09/04

    Date: Mon, 9 Aug 2004 15:41:50 -0500
    To: <focus-ids@securityfocus.com>
    
    

    Sana Security makes Host-Based Intrusion Prevention that attempts to
    detect unknown exploits. The system is behavioral: it creates a map of
    "normal" system call chains and then puts itself into prevent or detect
    mode after the learning period.

    -----Original Message-----
    From: Teicher, Mark (Mark) [mailto:teicher@avaya.com]
    Sent: Monday, August 09, 2004 2:15 PM
    To: Drew Simonis; focus-ids@securityfocus.com
    Cc: Seanor, Joseph (Joe)
    Subject: RE: Definition of Zero Day Protection

    Drew,

    What host based products would fit this category based on the
    definition?? Do they really work??

    -----Original Message-----
    From: Drew Simonis [mailto:simonis@myself.com]
    Sent: Monday, August 09, 2004 01:07 PM
    To: Teicher, Mark (Mark); focus-ids@securityfocus.com
    Cc: Seanor, Joseph (Joe)
    Subject: Re: Definition of Zero Day Protection

    ----- Original Message -----
    From: "Teicher, Mark (Mark)"
    Date: Sun, 8 Aug 2004 19:47:48 -0600
    Subject: Definition of Zero Day Protection

    > What is Zero Day Protection

    It is, as you stated, another marketing blurb, but it isn't just that.
    Usually, this bit of jargon is applied to a detection/prevention system
    that uses things like heuristic detection techniques, behavior based
    detection, protocol anomaly or some other advanced methods. These allow
    the activity to be blocked or alerted on, as opposed to the specific
    event.

    So, for example, a worm can be characterized by certain activity. Say,
    opening connections to lots of remote hosts in a short period of time.
    This behavior can be blocked (e.g. the process can be killed) even
    without knowing that it was WormX.

    hth,
    -Ds

    ------------------------------------------------------------------------

    --
    Test Your IDS
    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE
    IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------
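The worm heuristic Drew describes (one process opening connections to many distinct remote hosts in a short period) is easy to make concrete. The detector below is an added example, not code from this thread or from any product named in it; the connection-log format, process names, window and threshold are all assumptions constructed for the illustration.

```python
"""Toy behavioral detector for the worm pattern discussed in the thread:
flag a process whose count of DISTINCT remote hosts within a sliding time
window exceeds a threshold, without any signature for the worm itself.
Log format, sample lines and thresholds are constructed for this example."""
from collections import defaultdict, deque

# Hypothetical connection log: "<epoch_seconds> pid=<n> exe=<name> dst=<ip>:<port>"
# pid 4321 fans out to seven hosts in six seconds; pid 777 talks to one host twice.
SAMPLE_LOG = """\
1092081300 pid=4321 exe=updater dst=10.0.0.5:445
1092081301 pid=4321 exe=updater dst=10.0.0.6:445
1092081301 pid=777 exe=browser dst=93.184.216.34:443
1092081302 pid=4321 exe=updater dst=10.0.0.7:445
1092081302 pid=4321 exe=updater dst=10.0.0.5:445
1092081303 pid=4321 exe=updater dst=10.0.0.8:445
1092081304 pid=777 exe=browser dst=93.184.216.34:443
1092081304 pid=4321 exe=updater dst=10.0.0.9:445
1092081305 pid=4321 exe=updater dst=10.0.0.10:445
1092081306 pid=4321 exe=updater dst=10.0.0.11:445
"""


def parse_line(line):
    """Split one log line into (timestamp, pid, exe, remote_host)."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    host = fields["dst"].rsplit(":", 1)[0]  # drop the port, keep the host
    return int(ts), int(fields["pid"]), fields["exe"], host


def detect_fanout(lines, window_s=10, max_hosts=5):
    """Return {(pid, exe): ts} giving, for each process that contacts more
    than max_hosts distinct hosts within any window_s seconds, the first
    timestamp at which the threshold was crossed (a block/kill decision point)."""
    recent = defaultdict(deque)  # (pid, exe) -> deque of (ts, host), time-ordered
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, pid, exe, host = parse_line(line)
        key = (pid, exe)
        q = recent[key]
        q.append((ts, host))
        while q and ts - q[0][0] > window_s:  # expire events outside the window
            q.popleft()
        distinct = {h for _, h in q}           # repeats to one host do not count
        if len(distinct) > max_hosts and key not in alerts:
            alerts[key] = ts
    return alerts


if __name__ == "__main__":
    for (pid, exe), ts in detect_fanout(SAMPLE_LOG.splitlines()).items():
        print(f"fan-out alert: pid={pid} exe={exe} at t={ts}")
```

Tuning the window and threshold against a baseline of normal hosts is where the "learning period" that behavioral products advertise actually matters; a backup agent or scanner will trip a naive threshold just as a worm does.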
