IDS mailing list archives

Re: IDS vs. IPS deployment feedback


From: "Thomas Choi" <tchoi () nortel com>
Date: Mon, 17 Apr 2006 17:28:28 -0400

Stefano Zanero wrote:
Anomaly based devices, on the contrary, use the past as a
way to detect anomalies into the future, and therefore are less
sensitive to the zero-day/unforeseen attack problem.

Yes, but at the cost of high false positive rates. :)

IMO, until we can come up with a way to accurately define/learn what 'normal' behavior actually is, anomaly based systems will be a pain for any corporate IT security officer to use.



