RE: IDS vs. IPS deployment feedback
- From: <PPowenski@xxxxxxx>
- Date: Wed, 19 Apr 2006 08:54:53 +0100
From my understand this is the most significant difference thatsourcefire and Ron Gula's tenable security products provide.
Understanding of the enviornment in which they are operating.
For my environment their boxes are cost prohibitive, but if I had any
choice to make it would be to look at these products in preference to
many commercial products..
I have inherited two mainstream IDS solutions and they have far too much
management (SYSTEM, DATABASE, AND Event management) baggage to consider
an effective IDS. Pretty log spitter, definately, usefulness -- as much
as snort, activworx policy manager, and base for analysis.
-----Original Message-----
From: Thomas Choi [mailto:tchoi@xxxxxxxxxx]
Sent: 17 April 2006 22:28
To: Focus-Ids Mailing List
Subject: Re: IDS vs. IPS deployment feedback
Stefano Zanero wrote:
Anomaly based devices, on the contrary, use the past as a
way to detect anomalies into the future, and therefore are less
sensitive to the zero-day/unforeseen attack problem.
Yes but at the cost of high false positive rates. :)
IMO, until we can come up with a way to accurately define/learn what
'normal 'behavior actually is, anomaly based systems will be pain for
any corporate IT security officer to use.
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
This e-mail is intended for the named recipient(s). It and any attachments may contain privileged and/or confidential information. They may not be disclosed to or used by or copied in any way by anyone other than the intended recipient. If you are not one of the intended recipients, or this email is received in error, please immediately either notify the sender or contact OAG Worldwide Limited on +44 (0) 1582 600111 quoting the name of the sender and the email address to which it has been sent and then delete it and any attachment(s).
While all reasonable efforts are made to safeguard inbound and outbound e-mails, OAG Worldwide Limited and its affiliate companies cannot guarantee that attachments do not contain any viruses or are compatible with your systems, and does not accept liability in respect of viruses or computer problems experienced. Neither OAG Worldwide Limited nor the sender accepts any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments.
OAG Worldwide Limited may monitor or record outgoing and incoming e-mail to secure effective system operation and for other lawful purposes. By replying to this email you give your consent to such monitoring.
Thank you.
OAG Worldwide Limited is a company registered in England and Wales (registered number 4226716), with its registered office at Church Street, Dunstable, Bedfordshire, LU5 4HB, United Kingdom.
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
- Prev by Date: Re: Less well-known commercial IDS
- Next by Date: Re: Less well-known commercial IDS
- Previous by thread: RE: IDS vs. IPS deployment feedback
- Next by thread: Re: IDS vs. IPS deployment feedback
- Index(es):
Relevant Pages
|
