IDS mailing list archives

Re: Are sophisticated attacks just FUD?


From: "Anton A. Chuvakin" <anton () chuvakin org>
Date: Wed, 7 Jul 2004 02:28:17 -0400 (EDT)

Sam and all,

> I had a big discussion with my boss who claims most of the IPS, SIM and other new tools are just a
> hype protecting from sophisticated threats, which only exist in labs.
Here is another, scarier side of this discussion. You sit in the field,
and your boss has a horrible suspicion that vendors out there are trying
to sell their wares based on the "lab threats" that are "too
sophisticated" for the real world. Some of us sit on the other side, in
vendor labs, and sometimes (admittedly rarely!) _some_ folks think that
_some_ of the products sold in the market will only protect you from basic
threats that are "too simple" for the real world... For example, if you
talk to NIPS vendors in detail, you'd learn that live inline blocking will
only happen to protect you from _reliably identified_ threats. The latter
definition often maps to simple and well-known threats. As far as the
sophisticated stuff goes, you might get an alert or two - and then it's up
to your monitoring capability rather than a firewall/NIPS preventive
capability.

Best,
-- 
Anton A. Chuvakin, Ph.D., GCIA, GCIH
     http://www.info-secure.org
   http://www.securitywarrior.com
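The split Anton describes between what an inline NIPS will block and what it will merely flag is, in practice, a per-rule decision in the sensor's ruleset. The following is an added example (not part of the original post or of any vendor's shipped ruleset) written in Snort 2.x inline-mode rule syntax; the sids, message texts, content strings and the `$EXTERNAL_NET`/`$HOME_NET` variables are constructed for illustration.

```snort
# Added example: the same sensor, two confidence levels, two actions.
# Runs only with Snort in inline mode (-Q); sids and content are illustrative.

# Well-known, unambiguous exploit request. The content match is exact enough that
# a false positive is very unlikely, so the rule is allowed to block (drop).
drop tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-CGI known exploit request (constructed example)"; flow:to_server,established; content:"GET /vuln.cgi?cmd="; nocase; classtype:web-application-attack; sid:1000001; rev:1;)

# Heuristic: an HTTP request line with at least 2000 bytes after the method.
# Could be an overflow attempt, could be a long but legitimate URL, so the rule
# only alerts; nothing is dropped and an analyst has to look at it.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Oversized HTTP request line, possible overflow attempt (constructed example)"; flow:to_server,established; content:"GET "; depth:4; isdataat:2000,relative; classtype:attempted-admin; sid:1000002; rev:1;)
```

Only the first rule ever stops traffic, and only for requests that contain the exact string it was written for. A novel or obfuscated attack that avoids that string sails through the `drop` rule; at best it trips the second rule, which produces an alert, and from that point on the outcome depends on whoever is watching the console, not on the box being inline.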



