IDS mailing list archives

RE: IDS vs. IPS deployment feedback


From: "Kyle Quest" <Kyle.Quest () networkengines com>
Date: Tue, 11 Apr 2006 12:25:25 -0400


Where Snort needs multiple
signatures for the same vulnerability, ISS can protect against the
vulnerability with 1 signature...

You are not familiar with modern Snort signatures.

Modern Snort signatures are definitely an improvement over
what it used to be, but it's still "not there" yet
in some cases... because of the limited protocol decoding
capabilities, etc.

You are not familiar with modern Snort signature development by the
Sourcefire Vulnerability Research Team. See:

http://www.sourcefire.com/services/sf_vrt.html

For one example:

http://www.sourcefire.com/news/press_releases/pr121504.html

This is mostly "marketology"... Especially the zero-day
protection press release.

The VRT team indeed does a great job developing signatures, but they
still have to work with Snort limitations... which affects the final
result.

What makes ISS X-Force different from Sourcefire VRT is the amount
of research being done... and not only on publicly known vulnerabilities.
They can afford to do a lot of new vulnerability research, which is
one way of staying ahead of competition :-)

Note: 
I'm not associated with ISS in any way and I don't sell anything...
I'm just trying to be objective...

K
