IDS mailing list archives
False Positives with IntruVert
From: "Cure, Samuel J" <scure () kpmg com>
Date: Fri, 28 Mar 2003 11:36:23 -0600
Looking for some feedback on IntruVert. I have a client that is evaluating IntruVert in the lab and has been getting a lot of false positives on their network. They are afraid to put IntruVert into the IPS mode, of actually stopping traffic based on false positives. Gartner Group has claimed that everyone is moving from Detection to Prevention, but if the underlying technology has this many flawed signatures, I do not see how anyone can confidently use it and start blocking all attacks. Has anyone put IntruVert into full Prevention mode and what were the effects? I have not heard of anyone actually using IntruVert's prevention mode, but mostly as an IDS. While it seems that many IDS/IPS reviewers rank and measure finding attacks high, it would seem equally if not, more important to rank false positives high especially in Prevention mode. Is there any reviewers that have compared the false positives and false alarms of all the IDS/IPS products? Has anyone here compared false positives of Introvert, Snort, Cisco, RealSecure, etc? Thanks in advance! ________________________________ Samuel Cure KPMG Risk and Advisory Services (RAS)-Atlanta Phone: 404.222.3043 Fax: 404.222.7740 Cell: 404.861.9436 mailto:scure () kpmg com ________________________________ ***************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. ***************************************************************************** ----------------------------------------------------------- ALERT: Exploiting Web Applications- A Step-by-Step Attack Analysis Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation and Parameter Manipulation. http://www.spidynamics.com/mktg/webappsecurity71
Current thread:
- False Positives with IntruVert Cure, Samuel J (Mar 28)
- Re: False Positives with IntruVert Paul Schmehl (Mar 28)
- <Possible follow-ups>
- RE: False Positives with IntruVert Bill Boyle (Mar 28)
- RE: False Positives with IntruVert Alan Shimel (Mar 31)