IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Definition of Zero Day Protection

From: "Drew Simonis" <simonis () myself com>
Date: Mon, 09 Aug 2004 14:07:15 -0500

----- Original Message ----- 
From: "Teicher, Mark (Mark)" 
Date: Sun, 8 Aug 2004 19:47:48 -0600 
Subject: Definition of Zero Day Protection 


What is Zero Day Protection


It is, as you stated, another marketing blurb, but it isn't 
just that.  Usually, this bit of jargon is applied to a 
detection/prevention system that uses things like heuristic 
detection techniques, behavior based detection, protocol
anomoly or some other advanced methods.  These allow the 
activity to be blocked or alerted on, as opposed to the 
specific event.  

So, for example, a worm can be characterized by certain 
activity.  Say, opening connections to lots of remote
hosts in a short period of time.  This behavior can be
blocked (e.g. the process can be killed) even without 
knowing that it was WormX.  


hth,
-Ds

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: