On January 19, 2005 08:43 pm, Adam Powers wrote:
I tend to agree that claming something as "ground breaking" or
"revolutionary" is irritating beyond all belief.
Quantuum leaps in the eye of a marketing person are rarely the paradigm
shifts (:-) they believe they are.
With all deferences to Stefano and his recearch in the area, I haven't seen
any of the statistical anomaly methods produce any significant results yet.
Most sysadmins don't have much of an idea of what constitutes "normal"
traffic patterns on their nets and I have yet to see a formal mechanical
model that can do even less than that. That said, imho, the best statistical
anomaly detection on the market is still a human brain and a little
quality time with tcpdump :). The price is right too :-).
Big claims are easy, but I'd like to see the vendors of this kind of stuff
back their hyperbole with some case studies outlining significant wins/kills,
before I get excited about any of these systems...
Once the merit is proven, _then_ we can start to look into the second
order stuff like training and noise attacks...
cheers,
--dr
--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada May 4-6 2005 http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
