>From my understand this is the most significant difference that sourcefire and Ron Gula's tenable security products provide. Understanding of the enviornment in which they are operating. For my environment their boxes are cost prohibitive, but if I had any choice to make it would be to look at these products in preference to many commercial products..
I have inherited two mainstream IDS solutions and they have far too much management (SYSTEM, DATABASE, AND Event management) baggage to consider an effective IDS. Pretty log spitter, definately, usefulness -- as much as snort, activworx policy manager, and base for analysis. -----Original Message----- From: Thomas Choi [mailto:[EMAIL PROTECTED] Sent: 17 April 2006 22:28 To: Focus-Ids Mailing List Subject: Re: IDS vs. IPS deployment feedback Stefano Zanero wrote: > Anomaly based devices, on the contrary, use the past as a > way to detect anomalies into the future, and therefore are less > sensitive to the zero-day/unforeseen attack problem. Yes but at the cost of high false positive rates. :) IMO, until we can come up with a way to accurately define/learn what 'normal 'behavior actually is, anomaly based systems will be pain for any corporate IT security officer to use. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ This e-mail is intended for the named recipient(s). It and any attachments may contain privileged and/or confidential information. They may not be disclosed to or used by or copied in any way by anyone other than the intended recipient. If you are not one of the intended recipients, or this email is received in error, please immediately either notify the sender or contact OAG Worldwide Limited on +44 (0) 1582 600111 quoting the name of the sender and the email address to which it has been sent and then delete it and any attachment(s). While all reasonable efforts are made to safeguard inbound and outbound e-mails, OAG Worldwide Limited and its affiliate companies cannot guarantee that attachments do not contain any viruses or are compatible with your systems, and does not accept liability in respect of viruses or computer problems experienced. Neither OAG Worldwide Limited nor the sender accepts any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. OAG Worldwide Limited may monitor or record outgoing and incoming e-mail to secure effective system operation and for other lawful purposes. By replying to this email you give your consent to such monitoring. Thank you. OAG Worldwide Limited is a company registered in England and Wales (registered number 4226716), with its registered office at Church Street, Dunstable, Bedfordshire, LU5 4HB, United Kingdom. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
