Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Definition of Zero Day Protection

from [Ranjeet Shetye] Network Security [Permanent Link]
Subject: Re: Definition of Zero Day Protection
Date: Mon, 9 Aug 2004 14:32:38 -0700 
Lets say that Worm.A has been mutated into Worm.A1, and that protection
against Worm.A also happens to protect against Worm.A1 .

Is this Zero Day Protection with respect to Worm.A1 ? Marketing would say
"Yes". Its an additional checkbox that they can tick while selling to a
client. (Technically, it could be considered a very weak form of Zero Day
Protection)

An engineer would probably apply more stringent standards before he/she
claimed zero-day protection. An engineer would probably envision Zero
Day Protection to be reasonable protection against an unknown agent that
has not been previously studied. Complete protection from such unknown agents
would be the "cool" zero day protection that we all aim for.

Lets just say that Marketing standards are weaker than Engineering standards
cos the driving forces are different i.e. customer-sales-driven versus
technology-driven.

Ranjeet.

* Teicher, Mark (Mark) (teicher@avaya.com) wrote:

Marketing ploy??  You mean marketing people don't state the truth about
Zero Day Protection and how it works ??

/mark

-----Original Message-----
From: Carey, Steve T GARRISON [mailto:steven-carey@us.army.mil] 
Sent: Monday, August 09, 2004 11:08 AM
To: Teicher, Mark (Mark)
Cc: Seanor, Joseph (Joe); focus-ids@securityfocus.com
Subject: RE: Definition of Zero Day Protection

My own personal opinion, based on 7 years of experience in intrusion
detection, is that it is a marketing ploy.  Only way to ensure Zero Day
Protection is to use a 'suite' of IDS tools and have an analyst looking
at those logs 24/7 to find the Zero Day Exploit.  

Vendors can state they prevent Zero Day Exploits but to do that you can
also stop legitimate traffic.  Maybe sometime in the future that can
happen, but not today.

Steve Carey

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------



-- 
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye at Zultys dot com
http://www.zultys.com/
 
The views, opinions, and judgements expressed in this message are solely those 
of
the author. The message contents have not been reviewed or approved by Zultys.


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Definition of Zero Day Protection, Drew Copley
Next by Date:  Network Security Webinar - "Embedded IPS Solutions for Advanced N etwork Security", Holger Schulze
Previous by Thread:  RE: Definition of Zero Day Protection, Michal Zalewski
Next by Thread:  RE: Definition of Zero Day Protection, Teicher, Mark (Mark)
Indexes:  [Date] [Thread] [Top] [All Lists]