IDS mailing list archives
Re: IDS is dead, etc--Only if you limit your Horizons
From: Thomas Munn <munn () bigfoot com>
Date: 6 Aug 2003 14:52:33 -0000
In-Reply-To: <3F2FE549.5050806 () nfr com>

A colleague and I are working on an extension of my AIRIDS architecture, which I covered in 2001 at DEFCON. Basically we are making the first module of the AIRIDS system, an inventory gathering module. Its aim is to gather hosts, map vulnerabilities, OS types, and user-specified risk ratings into a system that will allow signatures to be tuned by the host, its function, risk rating and other items. Hopefully once the code is released we will be doing a "public" bash at either DEFCON or Black Hat (Dark Tangent willing!).

Certainly signature-based IDS, and many of its ilk, are in trouble as people realize that "Hey wow, it's cool that I was attacked, but now what do I do?" People simply don't know what to do with their IDSes. AIRIDS aims to change that by automating much of the work that currently has to be done manually, by employing a risk rating system (mostly automatic) and an automatic (*mostly!*) of the hosts on each network.

I have written a "white paper" on the AIRIDS concept, available at Packet Storm. Just search for "Airids" or Thomas Munn, and you will find the paper.