ISS has an ADS device. Enterasys has ADS technology in their SIM Dragon. (brings in flow information)
On Sat, May 17, 2008 at 9:05 AM, Stefano Zanero <[EMAIL PROTECTED]> wrote: > Andrew Plato wrote: >> >> Honestly, I have never found "network anomaly detection (NADS)" to be a >> tremendously valuable technology for most organizations. > > Perhaps this is because no anomaly detectors exist in the commercial world > with just a few exceptions (Lancope and Arbor being the two that come to > mind) ? > >> in the hundreds >> >> of networks I have seen, very few of them are very clean. Most of them >> are filthy with a constant onslaught of "anomalies.' > > A good anomaly detector should filter out those "anomalies", which by the > sheer fact of being always there are extremely normal ;) > >> One thing I have learned in my travels installing IPS/IDS for 6+ years >> now is that 95% of the admins out there pay very little attention to the >> deluge of data that comes from IPS/IDS technologies. > > Then may I suggest that probably those technologies were either > misconfigured or installed at the wrong sites ? > > Stefano > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it with real-world attacks from CORE > IMPACT. > Go to > http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw > to learn more. > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
