RE: IDS detection approaches



I am attempting to evaluate an Anomaly Detection System from ISS that
takes flow information and integrates the data with the IPS/IDS
infrastructure.

ISS states that it protects from internal threats as it monitors the
network traffic from the flow information.

Another interesting product is the SourceFire Enterprise Threat
Management system that does Real Time Network Analysis, which is a very
interesting product.

Albert R. Campa



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of snort user
Sent: Thursday, October 04, 2007 11:06 AM
To: focus-ids@xxxxxxxxxxxxxxxxx
Subject: IDS detection approaches

Greetings.

I have a general IDS related query: what are the current trends in
intrusion detection methods?

Signature based seems to be the most commonly used approach. There are
also a lot of products that implement protocol decoding/analysis to assist
the signature based approach.
There are a few rate based and anomaly based products too.

What do you think is the most probable approach that will complement the
signature based approach in the recent future?

Thanks for the reply!

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
