IDS mailing list archives
Re: IDS vs. IPS deployment feedback
From: "Richard Bejtlich" <taosecurity () gmail com>
Date: Mon, 10 Apr 2006 13:35:39 -0400
On 4/7/06, Andrew Plato <andrew.plato () anitian com> wrote:
Where Snort needs multiple signatures for the same vulnerability, ISS can protect against the vulnerability with 1 signature...
You are not familiar with modern Snort signatures.
Furthermore, Snort rules are developed by volunteers (or Sourcefire). As such, SNORT is usually behind the curve on new signatures. ISS, for example, does their own independent security research an has signatures to protect against things that Snort people don't even know about.
You are not familiar with modern Snort signature development by the Sourcefire Vulnerability Research Team. See: http://www.sourcefire.com/services/sf_vrt.html For one example: http://www.sourcefire.com/news/press_releases/pr121504.html
Now, I realize I sound like a ISS or TippingPoint sales person.
Now that's an accurate statement! :) Richard ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Re: IDS vs. IPS deployment feedback, (continued)
- Re: IDS vs. IPS deployment feedback Will Metcalf (Apr 05)
- Re: IDS vs. IPS deployment feedback Jean-Philippe Luiggi (Apr 10)
- RE: IDS vs. IPS deployment feedback Andrew Plato (Apr 06)
- Re: IDS vs. IPS deployment feedback Will Metcalf (Apr 06)
- Re: IDS vs. IPS deployment feedback Stefano Zanero (Apr 15)
- RE: IDS vs. IPS deployment feedback Basgen, Brian (Apr 07)
- RE: IDS vs. IPS deployment feedback Andrew Plato (Apr 10)
- RE: IDS vs. IPS deployment feedback Alan Shimel (Apr 10)
- Re: IDS vs. IPS deployment feedback Eric Hines (Apr 13)
- RE: IDS vs. IPS deployment feedback Alan Shimel (Apr 10)
- RE: IDS vs. IPS deployment feedback Andrew Plato (Apr 10)
- Re: IDS vs. IPS deployment feedback Richard Bejtlich (Apr 10)
- Re: IDS vs. IPS deployment feedback Paul Schmehl (Apr 11)
- Re: IDS vs. IPS deployment feedback Aaron (Apr 15)
- Re: IDS vs. IPS deployment feedback Stefano Zanero (Apr 17)
- Re: IDS vs. IPS deployment feedback Thomas Choi (Apr 18)
- Re: IDS vs. IPS deployment feedback Aaron (Apr 18)
- Re: IDS vs. IPS deployment feedback Stefano Zanero (Apr 15)
- Re: IDS vs. IPS deployment feedback Will Metcalf (Apr 05)
- RE: IDS vs. IPS deployment feedback Basgen, Brian (Apr 10)
- RE: IDS vs. IPS deployment feedback Andrew Plato (Apr 10)
- Re: IDS vs. IPS deployment feedback Richard Bejtlich (Apr 11)
- RE: IDS vs. IPS deployment feedback Mike Barkett (Apr 13)
- Re: IDS vs. IPS deployment feedback Richard Bejtlich (Apr 11)