On Fri, Sep 10, 2004 at 10:18:27AM -0400, PS R wrote:
I am thinking of:
- Flow Control - limitations on flooding, unused connections, etc...
- Robust, ACURATE signature base
- Packet capture - no debate on how much before, as that has been covered
- Pre-deployment network analysis tools to accelerate deployment
- Anomaly detection
- Alert export compatibility with 3rd party event management solutions
One thing I think is important is that these vendors realise that just
*MAYBE* their customers already have existing infrastructure for doing
things like alerting, and that they should support that instead of creating
yet another damn stand-alone application.
We need to see more integration in this industry - hell - IT in general.
By alerting, I mean support SNMP traps (gah!), eventlog (for Windows), and
better yet - syslog. There are still too many "security products" out there
that think logging to their own text file or proprietary database is the
best way of doing things. I'm not saying any of that needs to be thrown out,
but they should try to ADDITIONALLY support mechanisms their customers have
probably got covered.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to
learn more.
--------------------------------------------------------------------------
