Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: IDS vs. IPS deployment feedback

from [PPowenski] Network Security [Permanent Link]
Subject: RE: IDS vs. IPS deployment feedback
Date: Wed, 19 Apr 2006 08:54:53 +0100 
From my understand this is the most significant difference that

sourcefire and Ron Gula's tenable security products provide.
Understanding of the enviornment in which they are operating.
For my environment their boxes are cost prohibitive, but if I had any
choice to make it would be to look at these products in preference to
many commercial products..

I have inherited two mainstream IDS solutions and they have far too much
management (SYSTEM, DATABASE, AND Event management) baggage to consider
an effective IDS. Pretty log spitter, definately, usefulness -- as much
as snort, activworx policy manager, and base for analysis.


-----Original Message-----
From: Thomas Choi [mailto:tchoi@nortel.com] 
Sent: 17 April 2006 22:28
To: Focus-Ids Mailing List
Subject: Re: IDS vs. IPS deployment feedback


Stefano Zanero wrote:

Anomaly based devices, on the contrary, use the past as a
way to detect anomalies into the future, and therefore are less 
sensitive to the zero-day/unforeseen attack problem.


Yes but at the cost of high false positive rates.   :)

IMO, until we can come up with a way to accurately define/learn what 
'normal 'behavior actually is, anomaly based systems will be pain for 
any corporate IT security officer to use. 





------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------
This e-mail is intended for the named recipient(s).  It and any attachments may 
contain privileged and/or confidential information. They may not be disclosed 
to or used by or copied in any way by anyone other than the intended recipient. 
 If you are not one of the intended recipients, or this email is received in 
error, please immediately either notify the sender or contact OAG Worldwide 
Limited on +44 (0) 1582 600111 quoting the name of the sender and the email 
address to which it has been sent and then delete it and any attachment(s). 
While all reasonable efforts are made to safeguard inbound and outbound 
e-mails, OAG Worldwide Limited and its affiliate companies cannot guarantee 
that attachments do not contain any viruses or are compatible with your 
systems, and does not accept liability in respect of viruses or computer 
problems experienced. Neither OAG Worldwide Limited nor the sender accepts any 
responsibility for viruses and it is your responsibility to scan or otherwise 
check this email and any attachments.  
OAG Worldwide Limited may monitor or record outgoing and incoming e-mail to 
secure effective system operation and for other lawful purposes.  By replying 
to this email you give your consent to such monitoring. 
Thank you.
OAG Worldwide Limited is a company registered in England and Wales (registered 
number 4226716), with its registered office at Church Street, Dunstable, 
Bedfordshire, LU5 4HB, United Kingdom.


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Less well-known commercial IDS, Eric Hines
Next by Date:  New site about security conferences : www.security-briefings.com, newslist@security-briefings.com
Previous by Thread:  RE: IDS vs. IPS deployment feedback, Biswas, Proneet
Next by Thread:  Re: IDS vs. IPS deployment feedback, virtuale
Indexes:  [Date] [Thread] [Top] [All Lists]