Arian, >Anyway, that said, the behavioral realm >is begging to be explored more. I'm surprised >none of the vendors have touched it. It >seems so promising.
They have, the problem is in finding market applicability. This approach (and I expand this to behavioral protection in general) tends to be imprecise enough to require marriage to more direct methods like white listing and black listing. Simply put the false positive rates (when the technology is deployed in isolation) suck. Paying customers tend to have a pretty limited tolerance for that so the tech tends to get buried and becomes a victim of underemphasis. Hopefully the open source community will dig in and fix this for everyone else so they can profit on it. >ps -- unsure if this will make the list. Security >Focus has randomly blocked me from some >lists but not others, and I have been unable >to get the SF list-server admins to respond >to email about this for almost TWO YEARS >now for some reason. For a guy who is obviously quite intelligent I'm surprised you've not sorted this one out yet. Your posts are certainly well thought out and you clearly understand your space well. The gating factor for you ( or more precisely, your posts) is that you litter your posts with frenetic vitriol. In an otherwise fantastic post you make two cheap (albeit possibly true) shots at vendors in the app firewall/ids space and then follow up with a coup de grace at the site your posting through. All of this and your surprised your posts fail and the moderators ignore you? al ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
