Andrew Plato wrote:
Honestly, I have never found "network anomaly detection (NADS)" to be a
tremendously valuable technology for most organizations.
Perhaps this is because no anomaly detectors exist in the commercial
world with just a few exceptions (Lancope and Arbor being the two that
come to mind) ?
> in the hundreds
of networks I have seen, very few of them are very clean. Most of them
are filthy with a constant onslaught of "anomalies.'
A good anomaly detector should filter out those "anomalies", which by
the sheer fact of being always there are extremely normal ;)
One thing I have learned in my travels installing IPS/IDS for 6+ years
now is that 95% of the admins out there pay very little attention to the
deluge of data that comes from IPS/IDS technologies.
Then may I suggest that probably those technologies were either
misconfigured or installed at the wrong sites ?
Stefano
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
