RE: Definition of Zero Day Protection
From: Joshua Berry (jberry_at_PENSON.COM)
Date: 08/09/04
- Previous message: Teicher, Mark (Mark): "RE: Definition of Zero Day Protectiona"
- Maybe in reply to: Teicher, Mark (Mark): "Definition of Zero Day Protection"
- Next in thread: Brian Smith: "RE: Definition of Zero Day Protection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 9 Aug 2004 15:41:50 -0500 To: <focus-ids@securityfocus.com>
Sana Security makes Host-Based Intrusion Prevention that attempts to
detect unknown exploits. The system is behavioral, creating a map of
"normal" system call chains and then puts itself into prevent/or detect
mode after the learning period.
-----Original Message-----
From: Teicher, Mark (Mark) [mailto:teicher@avaya.com]
Sent: Monday, August 09, 2004 2:15 PM
To: Drew Simonis; focus-ids@securityfocus.com
Cc: Seanor, Joseph (Joe)
Subject: RE: Definition of Zero Day Protection
Drew,
What host based products would fit this category based on the definition
?? Do they really work ??
-----Original Message-----
From: Drew Simonis [mailto:simonis@myself.com]
Sent: Monday, August 09, 2004 01:07 PM
To: Teicher, Mark (Mark); focus-ids@securityfocus.com
Cc: Seanor, Joseph (Joe)
Subject: Re: Definition of Zero Day Protection
----- Original Message -----
From: "Teicher, Mark (Mark)"
Date: Sun, 8 Aug 2004 19:47:48 -0600
Subject: Definition of Zero Day Protection
> What is Zero Day Protection
It is, as you stated, another marketing blurb, but it isn't just that.
Usually, this bit of jargon is applied to a detection/prevention system
that uses things like heuristic detection techniques, behavior based
detection, protocol anomoly or some other advanced methods. These allow
the activity to be blocked or alerted on, as opposed to the specific
event.
So, for example, a worm can be characterized by certain activity. Say,
opening connections to lots of remote hosts in a short period of time.
This behavior can be blocked (e.g. the process can be killed) even
without knowing that it was WormX.
hth,
-Ds
------------------------------------------------------------------------
-- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ -- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
- Previous message: Teicher, Mark (Mark): "RE: Definition of Zero Day Protectiona"
- Maybe in reply to: Teicher, Mark (Mark): "Definition of Zero Day Protection"
- Next in thread: Brian Smith: "RE: Definition of Zero Day Protection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
