IDS mailing list archives
Re: SourceFire RNA
From: Ron Gula <rgula () tenablesecurity com>
Date: Wed, 3 Dec 2003 12:14:12 -0800
On Wed, 3 Dec 2003 1:21pm, Martin Roesch wrote: (Stuff deleted)
The same can be said of active discovery techniques: it is just as possible to hide from an active scanner as it is to hide from a passive one, so we can never know that we have 100% perfect knowledge of what's on our networks with either technology. On the other hand, I'm an advocate of the "perfect is the enemy of good enough" school of engineering. We need solutions that can detect changes in the network environment in real time, and scanners can't do that. RNA can, and so it provides a good solution to a hard problem.
Of course scanners can detect change in networks. They may not be able to detect them as near time as a passive scanner like RNA, NeVO, Securify or Arbor's products, but doing a diff of multiple active scans shows lots of change. Products like Lightning, Foundstone, and eEye detect change in networks each time they run.
//Ron
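The "diff of multiple active scans" mentioned in the message above, as an added example that is not part of the original post or of any product named in it. It assumes scan results saved in Nmap's grepable (`-oG`) format; the two sample scans and the function names are constructed for illustration.

```python
import re

# Constructed sample data in Nmap grepable (-oG) style; not from the original post.
SCAN_MON = """\
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///
Host: 10.0.0.9 ()\tPorts: 445/open/tcp//microsoft-ds///
"""
SCAN_TUE = """\
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 8080/open/tcp//http-proxy///
Host: 10.0.0.23 ()\tPorts: 3389/open/tcp//ms-wbt-server///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s.*?Ports:\s+(.*)$")

def parse_scan(text):
    """Return {host: {(port, proto): service}} for ports reported open.

    Hosts with no open ports are omitted, so they later show up as 'gone'.
    """
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # skip comment lines and status-only host lines
        host, ports = m.groups()
        # Drop any tab-separated trailing fields that follow the port list.
        for entry in ports.split("\t")[0].split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open":
                hosts.setdefault(host, {})[(int(fields[0]), fields[2])] = fields[4]
    return hosts

def diff_scans(old, new):
    """Compare two parsed scans and list what changed between them."""
    changes = {
        "new_hosts": sorted(set(new) - set(old)),
        "gone_hosts": sorted(set(old) - set(new)),
        "opened": [], "closed": [],
    }
    for host in sorted(set(old) & set(new)):
        changes["opened"] += [(host, *p) for p in sorted(set(new[host]) - set(old[host]))]
        changes["closed"] += [(host, *p) for p in sorted(set(old[host]) - set(new[host]))]
    return changes

if __name__ == "__main__":
    for kind, items in diff_scans(parse_scan(SCAN_MON), parse_scan(SCAN_TUE)).items():
        print(kind, items)
```

The diff only sees what both scans captured, so anything that appeared and disappeared between the two runs is missed, which is the timing gap the thread is arguing about.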