IDS mailing list archives

Re: SourceFire RNA

From: Ron Gula <rgula () tenablesecurity com>
Date: Wed, 3 Dec 2003 12:14:12 -0800


On Wed, 3 Dec 2003 1:21pm, Martin Roesch wrote:

(Stuff deleted)

The same can be said of active discovery techniques, it is just aspossible to hide from an active scanner as it is to hide from a passiveone, so we can never know that we have 100% perfect knowledge of what'son our networks with either technology. On the other hand, I'm anadvocate of the "perfect is the enemy of good enough" school ofengineering, we need solutions that can detect changes in the networkenvironment in real-time and scanners can't do that, RNA can and so itprovides a good solution to a hard problem.

Of course scanners can detect change in networks. They may not be ableto detect them as near time as a passive scanner like RNA, NeVO,Securify or Arbour's products, but doing a diff of multiple active scansshows lots of change. Products like Lightning, Foundstone, and eEyedetect change in networks each time they run.


//Ron

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Current thread:

Re: SourceFire RNA, (continued)
- - - Re: SourceFire RNA Renaud Deraison (Dec 03)
    - Re: SourceFire RNA Jason (Dec 03)
    - Re: SourceFire RNA Renaud Deraison (Dec 03)
    - Re: SourceFire RNA Jason (Dec 03)
    - Re: SourceFire RNA Renaud Deraison (Dec 03)
    - Re: SourceFire RNA Jason (Dec 03)
    - Re: SourceFire RNA Renaud Deraison (Dec 03)
- Re: SourceFire RNA Martin Roesch (Dec 02)
  - RE: SourceFire RNA Lior Tal (Dec 03)
    - Re: SourceFire RNA Martin Roesch (Dec 03)
    - Re: SourceFire RNA Ron Gula (Dec 03)
    - Re: SourceFire RNA Martin Roesch (Dec 03)
    - Re: SourceFire RNA Ron Gula (Dec 03)
    - Re: SourceFire RNA Michael Stone (Dec 05)
- RE: SourceFire RNA Teicher, Mark (Mark) (Dec 09)