IDS mailing list archives

False Positives with IntruVert


From: "Cure, Samuel J" <scure () kpmg com>
Date: Fri, 28 Mar 2003 11:36:23 -0600

Looking for some feedback on IntruVert.  I have a client that is evaluating
IntruVert in the lab and has been getting a lot of false positives on their
network.  They are afraid to put IntruVert into the IPS mode, of actually
stopping traffic based on false positives.  Gartner Group has claimed that
everyone is moving from Detection to Prevention, but if the underlying
technology has this many flawed signatures, I do not see how anyone can
confidently use it and start blocking all attacks. 
 
Has anyone put IntruVert into full Prevention mode and what were the
effects?  I have not heard of anyone actually using IntruVert's prevention
mode, but mostly as an IDS. 

While it seems that many IDS/IPS reviewers rank and measure finding attacks
high, it would seem equally, if not more, important to rank false positives
high, especially in Prevention mode.  Are there any reviewers that have
compared the false positives and false alarms of all the IDS/IPS products?
Has anyone here compared false positives of IntruVert, Snort, Cisco,
RealSecure, etc.?

Thanks in advance!

________________________________
Samuel Cure
KPMG
Risk and Advisory Services (RAS)-Atlanta
Phone: 404.222.3043
Fax:    404.222.7740
Cell:    404.861.9436
mailto:scure () kpmg com
________________________________




