Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: How to choose an IDS/FW MSS provider

from [THolman] Network Security [Permanent Link]
Subject: RE: How to choose an IDS/FW MSS provider
Date: Tue, 15 Mar 2005 06:23:56 -0500 
but since ISS signatures are not purely "match this string" kind of stuff
that Snort does, its not that simple


How do you know if you can't see them ?  :)

-----Original Message-----
From: Andrew Plato [mailto:andrew.plato@anitian.com] 
Sent: 11 March 2005 19:42
To: Stephane; rick.brady@libertymutual.com
Cc: focus-ids@securityfocus.com
Subject: RE: How to choose an IDS/FW MSS provider

Honestly, how many people, except security geeks like us, really care what
is inside the signatures? Sure, its fun to look inside them and see what
they are keying on, but since ISS signatures are not purely "match this
string" kind of stuff that Snort does, its not that simple. And more
importantly, who the heck has time to do that? In the zillions of Proventias
and server sensors I've deployed, I don't think anybody has ever once asked
me "gosh, can we see the signature code." They were to busy running their
systems to obsess over the code inside signatures. 

I think the "I can't see the signatures, I don't trust them" argument isn't
a viable reason to turn down an IPS/IDS vendor. If it was, then it would put
Cisco, Symantec, TippingPoint, and just about everybody else with a
high-performance IPS off the map. 


ISS MSS from our experience as an ISS reseller has been positive. But, I am
an ISS reseller so I have to say that. Another that comes to mind is
Counterpane. 

___________________________________
Andrew Plato, CISSP
President/Principal Consultant
ANITIAN  ENTERPRISE  SECURITY

3800 SW Cedar Hills Blvd, Suite 280
Beaverton, OR 97005
503-644-5656 Office
503-214-8069 Fax
503-201-0821 Mobile
www.anitian.com
___________________________________

GPG fingerprint: 16E6 C5B0 B6CB F287 776E E9A9 AF47 9914 3582 633D
GPG public key available at: http://www.anitian.com/corp/keys.htm 
 



-----Original Message-----
From: Stephane [mailto:stephane.d@ecologie.net] 
Sent: Thursday, March 10, 2005 12:38 AM
To: Brady, Rick
Cc: "Melih Kirkgöz (Koç.net)"; focus-ids@securityfocus.com
Subject: Re: How to choose an IDS/FW MSS provider

Brady, Rick wrote:


Melih,
I guess you must be special to ISS, from my experience the support has been

sub-par. Also do you like the idea that ISS IDS signatures are not known to
the customer and only ISS ? 


Rick Brady
Liberty Mutual Group
I/S TSSS Engineering Network Access Control 
mailto:rick.brady@libertymutual.com
(603) 245-4214   8-435-4214sdn 
 



Hi there,

What are you talking about? The support? do you mean people behind
support@iss.net or mss.support@iss.net ?

What looks good with ISS, MSS Dept is that you have somehow the X-Force
support http://xfoce.iss.net ; as far as I know and tell me if I am wrong,
ISS is the only security provider having an R&D dept which is the X-Force
team. My impression about Cisco IDS for example is that they just do follow
the CERT to react (to react, this word is important, not to prevent). ISS
supported by X-Force provides signatures sometimes a long time before the
thread is even known. Do you want those guys to post those signatures to the
mass in order to have Symatntec, Cisco or other Netscreen getting R&D free
profits out of it? Not sure you'd do so.

Also, my question was about how to choose an IDS *AND* FW firewall. I know I
am a bit out of the topic of this mailing-list but you can be good at IDS
and maybe bad at firewalls which are much more complex through.

PS: and once again, ISS is in the gane for 10 long years. What about the
competitors?

Thanks,

Stephane

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------




--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: How to choose an IDS/FW MSS provider, Mark Teicher
Next by Date:  Snortgoing commercial, Chris Brown
Previous by Thread:  Re: How to choose an IDS/FW MSS provider, Mark Teicher
Next by Thread:  RE: How to choose an IDS/FW MSS provider, Andrew Plato
Indexes:  [Date] [Thread] [Top] [All Lists]