IDS mailing list archives
RE: IDS vs. IPS deployment feedback
From: "Kyle Quest" <Kyle.Quest () networkengines com>
Date: Tue, 11 Apr 2006 12:25:25 -0400
Where Snort needs multiple signatures for the same vulnerability, ISS can protect against the vulnerability with 1 signature...You are not familiar with modern Snort signatures.
Modern Snort signatures are definitely an improvement over what they used to be, but it's still "not there" yet in some cases... because of the limited protocol decoding capabilities, etc.
You are not familiar with modern Snort signature development by the Sourcefire Vulnerability Research Team. See: http://www.sourcefire.com/services/sf_vrt.html For one example: http://www.sourcefire.com/news/press_releases/pr121504.html
This is mostly "marketology"... Especially the zero-day protection press release. The VRT team indeed does a great job developing signatures, but they still have to work with Snort limitations... which affects the final result.

What makes ISS X-Force different from SourceFire VRT is the amount of research being done... and not only on publicly known vulnerabilities. They can afford to do a lot of new vulnerability research, which is one way of staying ahead of competition :-)

Note: I'm not associated with ISS in any way and I don't sell anything... I'm just trying to be objective...

K