Re: Useful NADS



ISS has an ADS device.
Enterasys has ADS technology in their SIM Dragon. (brings in flow information)



On Sat, May 17, 2008 at 9:05 AM, Stefano Zanero <zanero@xxxxxxxxxxxxxx> wrote:
Andrew Plato wrote:

Honestly, I have never found "network anomaly detection (NADS)" to be a
tremendously valuable technology for most organizations.

Perhaps this is because no anomaly detectors exist in the commercial world
with just a few exceptions (Lancope and Arbor being the two that come to
mind)?

in the hundreds of networks I have seen, very few of them are very clean.
Most of them are filthy with a constant onslaught of "anomalies."

A good anomaly detector should filter out those "anomalies", which by the
sheer fact of being always there are extremely normal ;)

One thing I have learned in my travels installing IPS/IDS for 6+ years
now is that 95% of the admins out there pay very little attention to the
deluge of data that comes from IPS/IDS technologies.

Then may I suggest that probably those technologies were either
misconfigured or installed at the wrong sites?

Stefano

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------





