IDS mailing list archives

Re: IDS vs. IPS deployment feedback


From: "Richard Bejtlich" <taosecurity () gmail com>
Date: Mon, 10 Apr 2006 13:35:39 -0400

On 4/7/06, Andrew Plato <andrew.plato () anitian com> wrote:
> Where Snort needs multiple
> signatures for the same vulnerability, ISS can protect against the
> vulnerability with 1 signature...

You are not familiar with modern Snort signatures.

> Furthermore, Snort rules are developed by volunteers (or Sourcefire). As
> such, SNORT is usually behind the curve on new signatures. ISS, for
> example, does their own independent security research and has signatures
> to protect against things that Snort people don't even know about.

You are not familiar with modern Snort signature development by the
Sourcefire Vulnerability Research Team. See:

http://www.sourcefire.com/services/sf_vrt.html

For one example:

http://www.sourcefire.com/news/press_releases/pr121504.html

> Now, I realize I sound like an ISS or TippingPoint sales person.

Now that's an accurate statement!  :)

Richard
