IDS mailing list archives
RE: Vulnerability & Exploit Signatures
From: "Marc Maiffret" <mmaiffret () eeye com>
Date: Thu, 16 Jun 2005 18:07:55 -0700
| -----Original Message----- | From: Kelly Dowd [mailto:loris65 () gmail com] | Sent: Thursday, June 16, 2005 5:26 AM | To: Jackson Yu | Cc: focus-ids () securityfocus com | Subject: Re: Vulnerability & Exploit Signatures | | I doubt there is any licensing of base signatures between | vendors (signature engines vary greatly between products, you | can't just 'use' | another products sigs). You will find that some developers look at | existing signature sets to get 'ideas', but it's far from a | one-for-one copy. Companies must develop their own sigs just | like they develop their own appliances... it's a total package. | | -Kelly D. One of the fastest growing (based on number of new companies, not revenues) segment of security companies, from a product perspective, are companies who do not have much intellectual property beyond nice web management interfaces. To be more specific it is the huge growth in companies who have built security "appliances", web interfaces on top of Nessus and Snort. Obviously this fast growing area of "I want to be a security company to" has died down a bit as investors have started to realize you need more than pretty reporting on top of someone else's open source project. There are obvious exceptions though with the lead developers/creators from both Nessus and Snort starting up their own companies based off the open source projects they work on. Some companies that start by ripping off, I mean borrowing, open source tools eventually do try to branch out and develop their own signatures/checks/engine moving forward. nCircle is a good example of a company starting off as a web interface on top of Nessus. This actually does make for an easier way to kick start your own security company. Obviously to sit down and truly write your own IDS/IPS and Vulnerability Scanner is a rather large task to do without any funding. However, creating some web management off of something that already exists, and then finding some VC who do not know any better than to hand you say 50 million, does put you in a place where you now have the money to attempt to build your own real solution. There are all sorts of examples of this in the Scanner/IDS space. Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9329 http://eEye.com/Blink - End-Point Vulnerability Prevention http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities Important Notice: This email is confidential, may be legally privileged, and is for the intended recipient only. Access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited and may be a criminal offense. Please delete if obtained in error and email confirmation to the sender. -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Vulnerability & Exploit Signatures Jackson Yu (Jun 15)
- Re: Vulnerability & Exploit Signatures dgr8hunt (Jun 16)
- Re: Vulnerability & Exploit Signatures Kelly Dowd (Jun 16)
- Re: Vulnerability & Exploit Signatures Matt Jonkman (Jun 16)
- Re: Vulnerability & Exploit Signatures MadHat (Jun 16)
- Re: Vulnerability & Exploit Signatures M. Dodge Mumford (Jun 16)
- <Possible follow-ups>
- RE: Vulnerability & Exploit Signatures Kyle Quest (Jun 17)
- RE: Vulnerability & Exploit Signatures Marc Maiffret (Jun 17)
- Re: RE: Vulnerability & Exploit Signatures tk (Jun 20)
- RE: Vulnerability & Exploit Signatures Ofer Shezaf (Jun 20)
- Re: Vulnerability & Exploit Signatures Joel Esler (Jun 21)