IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IDS vs. IPS deployment feedback

From: Stefano Zanero <zanero () elet polimi it>
Date: Sun, 16 Apr 2006 17:31:37 +0200
Aaron wrote:

To add to (or take away) from this thread, I would further mention that
IDS/IPS regardless of make or implimentation, will only see the past,
not the future.  


You may wish to notice that this is true, but a problem only for misuse
based devices. Anomaly based devices, on the contrary, use the past as a
way to detect anomalies into the future, and therefore are less
sensitive to the zero-day/unforeseen attack problem.

Stefano

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: