RE: IDS vs. IPS deployment feedback

> > Where Snort needs multiple
> > signatures for the same vulnerability, ISS can protect against the
> > vulnerability with 1 signature...
>
> You are not familiar with modern Snort signatures.

Modern Snort signatures are definitely an improvement over
what it used to be, but it's still "not there" yet
in some cases... because of the limited protocol decoding
capabilities, etc

> You are not familiar with modern Snort signature development by the
> Sourcefire Vulnerability Research Team. See:
>
> http://www.sourcefire.com/services/sf_vrt.html
>
> For one example:
>
> http://www.sourcefire.com/news/press_releases/pr121504.html

This is mostly "marketology"... Especially the zero-day
protection press release.

The VRT team indeed does a great job developing signatures, but they
still have to work with Snort limitations... which affects the final
result.

What makes ISS X-Force different from SourceFire VRT is the amount
of research being done... and not only on publicly known vulnerabilities
They can afford to do a lot of new vulnerability research, which is
one way of staying ahead of competition :-)

Note: 
I'm not associated with ISS in any way and I don't sell anything...
I'm just trying to be objective...

K

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------