IDS mailing list archives

Re: Are sophisticated attacks just FUD?


From: "Drew Simonis" <simonis () myself com>
Date: Wed, 30 Jun 2004 08:55:25 -0500


I'm looking for statistical data showing how frequent sophisticated attacks and advanced tools are 
evolved and what their damage is to the corporate. If anyone knows of a research showing if this
is FUD or a real problem, I'd love to prove him wrong (I'm willing to admit I'd be happy to have 
some new toys ;) 

There's a catch 22 here.  Sophisticated, advanced attacks such as you are interested in would
most likely not take advantage of "known" attack patterns.  Advanced tools would use undisclosed
exploits.  As such, most IDS would not detect the activity.  Anomaly-based IDS may, depending on
the exploit vector, but would the analyst be savvy enough to know what just happened?  So, raw
evidence is, by the nature of the attack, sparse.  

In addition, these sorts of attacks imply a more targeted, intelligent approach as compared
to attacks of opportunity.  The damages from this sort of activity are equally hard to enumerate
since most targeted companies are hesitant to disclose the attack.  Maybe we'll see this trend
change, maybe not.  In the meantime, I'd be suspicious of any abstract studies.

-Ds
