IDS mailing list archives

Re: IDS is dead, etc--Only if you limit your Horizons


From: Thomas Munn <munn () bigfoot com>
Date: 6 Aug 2003 14:52:33 -0000

In-Reply-To: <3F2FE549.5050806 () nfr com>

I and a colleague are working on an extension of my
AIRIDS architecture which I covered in 2001 at DEFCON.

Basically we are making the first module of the AIRIDS
system, an inventory gathering module.

Its aim is to gather hosts, map vulnerabilities, OS
types, and user-specified risk ratings into a system
that will allow signatures to be tuned by the host, its
function, risk rating and other items.

Hopefully once the code is released we will be doing a
"public" bash at either DEFCON or Black Hat (Dark
Tangent willing!).

Certainly signature-based IDS, and many of its ilk, are
in trouble as people realize that "Hey wow, it's cool
that I was attacked, but now what do I do?"

People simply don't know what to do with their IDSes.

AIRIDS aims to change that by automating much of the
work that currently has to be done manually, by
employing a risk rating system (mostly automatic) and
an automatic (*mostly!*) of the hosts on each network.

I have written a "white paper" on the AIRIDS concept,
available at Packet Storm.

Just search for "Airids" or Thomas Munn, and you will
find the paper.

