IDS mailing list archives

Re: anomaly vs signature

From: "Rodrigo Blanco" <rodrigo.blanco.r () gmail com>
Date: Tue, 8 Aug 2006 10:12:07 -0600

Hello,

with such a changing market, any "complete" product list might be
obsolete tomorrow... :-) also, bear in mind the different approaches
(host/network-based, detection/prevention, ...) but here you go, this
is quite a complete one:

http://www.honeypots.net/ids/products

IMHO, more vendors are still focused on signature systems, rather than
anomaly detection. But this should change in the future with more
vendors using multiple decision criteria ("hybrid" solutions).

A good example of a hybrid technology is McAfee Intrushield (IPS),
which combines signature and anomaly detection:

https://secure.nai.com/us/enterprise/products/network_intrusion_prevention/index.html

Best regards,
Rodrigo.


On 26/07/06, miaomitiff119 <miaomitiff119 () gmail com> wrote:


Recently I was given a task to survey the relative success of Intrusion
Signature Detection and Intrusion Anomaly Detection. Does anyone know how to
get a complete list of all IDS products?:) From what I know, there are more
signature detection systems on the market than the anomaly detection
systems...is that true? What about the hybrid of the two?:)

Thank you!!!!
--
View this message in context: http://www.nabble.com/anomaly-vs-signature-tf2003214.html#a5501191
Sent from the IDS (Intrusion Detection System) forum at Nabble.com.


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?

Find out quickly and easily by testing itwith real-world attacks from CORE IMPACT.Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708to learn more.

------------------------------------------------------------------------

Current thread:

Re: anomaly vs signature SanjayR (Aug 02)
- Re: anomaly vs signature Roland Dobbins (Aug 03)
  - Re: anomaly vs signature Michael Vergoz (Aug 07)
- <Possible follow-ups>
- Re: anomaly vs signature Rodrigo Blanco (Aug 08)