RE: Are sophisticated attacks just FUD?

["Joshua Berry" <jberry () PENSON COM>]

You cannot point to the firewall as evidence that you are never targeted
in a large network.  What about across VPN connections, or inside
attacks, or if you are large enough you probably have Point-to-Point
connections with other offices, vendors or customers.  

Also, just because you do not know of a breach does not mean that one
has not occurred.  This would hopefully be part of a sophisticated
attack: not getting caught, or at least for some time.

-----Original Message-----
From: Sam Heshbon [mailto:sheshbon () yahoo com] 
Sent: Tuesday, June 29, 2004 11:12 AM
To: focus-ids () securityfocus com
Subject: Are sophisticated attacks just FUD?

I had a big discussion with my boss who claims most of the IPS, SIM and
other new tools are just a
hype protecting from sophisticated threats, which only exist in labs.
He thinks multi staged attacks and so on do not often happen in the wild
and shows our firewall's
logs as evidence. It is true we see mostly worms.(NMAP) scanning happens
once in a while, but he
claims it's a script kiddy and the fact we have never seen a breach
means it is not a real threat
(we run a large network operation).
I'm looking for statistical data showing how frequent sophisticated
attacks and advanced tools are
evolved and what there damage is to the corporate. If anyone knows of a
research showing if this
is FUD or a real problem, I'd love to prove him wrong (I'm willing to
admit I'd be happy to have
some new toys ;)



        
                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail 

------------------------------------------------------------------------
---

------------------------------------------------------------------------
---


---------------------------------------------------------------------------

---------------------------------------------------------------------------