Re: IDS applications

[Joel Rosenblatt <joel () COLUMBIA EDU>]

We have been using our own Bayesian IDS system called PAIRS for 5 years .. Here is the link to the presentation that was done at Security Camp last year if 
anyone is interested.

<http://www.bu.edu/tech/files/pdf/rosenblatt.pdf>

Thanks,
Joel


--On Wednesday, July 07, 2010 11:12 AM -0500 "James J. Barlow" <jbarlow () NCSA UIUC EDU> wrote:

> On Tue, Jul 06, 2010 at 11:57:19AM -0400, Brian Grime wrote:
> >    Just  wondering what different institutions are using in terms of open
> >    source  IDS/IPS, and there heartaches or success stories that go along
> >    with them.
>
> We have been using Bro at our institution for the last 7 years or so.
> It did take a while to configure and fine tune it initially, but it
> has been well worth the effort.  We have recently been able to do some
> statistics on all of the alerts and incidents we have received over
> the last 5 years and we found that 2/3 of all incidents were discovered
> first by Bro (over network flows, syslog, and file integrity checking).
> So it is the primary tool we have in our network monitoring toolkit.
>
>
> --
> James J. Barlow   <jbarlow () ncsa illinois edu>
> Head of Security Operations and Incident Response
> National Center for Supercomputing Applications    Voice : (217)244-6403
> 1205 West Clark Street, Urbana, IL  61801           Cell : (217)840-0601
> http://www.ncsa.illinois.edu/~jbarlow                Fax : (217)244-1987



Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel