IDS mailing list archives

RE: IDS vs. IPS deployment feedback


From: "Basgen, Brian" <bbasgen () pima edu>
Date: Fri, 7 Apr 2006 09:27:55 -0700

Andrew,

some technologies, one signature handles an entire class of vulnerabilities. Where Snort needs multiple signatures for the same vulnerability, ISS can protect against the vulnerability with 1 signature. TP is the same.
 
 Interesting. Can you show me an example of this? I'd like to understand the
design differences that lead the snort signature base to be as inefficient
as you describe.

ISS, for example, does their own independent security research and has signatures to protect against things that Snort people don't even know about.

 I don't understand how this differs from the Sourcefire Vulnerability
Research Team. Can you provide some details, specific examples, of where the
Sourcefire VRT has failed and the ISS research has succeeded?

~~~~~~~~~~~~~~~~~~
Brian Basgen
IT Security Architect
Pima Community College
