Re: ForeScout ActiveScout

From: Gadi Evron (ge_at_linuxbox.org)
Date: 01/11/05

    Date: Tue, 11 Jan 2005 12:12:30 +0200
    To: dywzh dywzh <zhihen.wang@gmail.com>
    
    

    > But one weak point I see in their approach (or their product offering)
    > is that they narrowed their intrusion detection scope to only that
    > traffic going to the fake place.

    Not so. They do give a higher score to traffic going to non-existent IPs
    - i.e. virtual hosts the machine "acts like they are alive" - but the
    whole methodology we discussed actually works on real IPs.

    Seeing someone attack a non-existent IP is always nice, though. ;)

    > Recently, I have been exposed to a start-up security company,
    > CyberShield Networks. They developed a similar approach to enable
    > users to be proactive, but the complete package they offer goes way
    > beyond just reporting attacks from the fake place; they cover
    > intrusion detection over the entire IP space assigned under their

    I don't see how this differs from ActiveScout. Can you provide more
    details? It sounds very interesting. What do they do?

    > protection. Also, they implemented a RADAR screen and transformed
    > attacks into blips on the RADAR, which makes our security guys' lives a
    > lot easier as far as sorting out the priorities among the attacks
    > reported. Pretty cool stuff.

    A cool GUI, being cool, is important for ease of use. It is not, however,
    what I am looking for in a product.

            Gadi.


