RE: Specification-based Anomaly Detection

From: Drew Simonis (simonis_at_myself.com)
Date: 01/20/05

  • Next message: Kohlenberg, Toby: "RE: Specification-based Anomaly Detection" 
    To: "Kohlenberg, Toby" <toby.kohlenberg@intel.com>, "(infor) urko zurutuza" <uzurutuza@eps.mondragon.edu>, "Stefano Zanero" <zanero@elet.polimi.it>
Date: Wed, 19 Jan 2005 20:16:31 -0500

    > I don't know about anyone else, but I'm sick of seeing ideas that
    > have been around for 20 years touted as "ground breaking!" or
    > "revolutionary!".

    While I tend to agree, the old adage "everything old is new again"
    isn't an adage because its false. To use another adage, this one
    less polite, ideas are like... well, you know; everyone has one.

    The point is, the fact that an idea has been around for some time
    doesn't make the implementation of that idea an less important.
    Many ideas are really clever, but no one figures out how to make
    them reality. Wasn't the idea of PKC published some 6 years before
    RSA had a product? Does that make RSA's product any less
    revolutionary? I'd argue no.

    Researchers like Denning and Anderson come up with fanastic ideas,
    but it takes a lot of legwork on the part of the product companies
    to realize those ideas, and that is certainly effort worth
    celebrating.

    -Ds

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------

  • Next message: Kohlenberg, Toby: "RE: Specification-based Anomaly Detection"