Re: Seeking feedback on new IDS/IPS/SEM

[Stefano Zanero <zanero () elet polimi it>]

Security Focus wrote:

> some technology being evaluated within DHS.  The technology appears to merge
> the functionality of a SEM with an IPS, but more importantly it seems to
> make blocking decisions from a centralized layer instead of on the wire,

Looks like any other incident management / security console on the
market, except it's unknown, and its documentation is really difficult
to understand.

As far as centralized decisions on multiple sensors are concerned, I
think that DIDS was the first example of this "new technology", in 1991.
I wasn't even allowed to drink alcohol yet at that time. Go figure.

> and
> it goes one step further and describes some kind of patented bi-directional
> transport that interconnects firewalls, NIDS,IPS, and servers, from a
> contextual standpoint.

An interesting example of how bad the concept of "software patent" has
gone over there in the US :)

Looks like a pretty uninteresting protocol based on XML + some kind of
transport layer security.

Like IDMEF, but proprietary, and therefore quite doomed.

I'd bet my 0.02 EUR cents on this being "smoke and mirrors", but I'd be
glad if anyone points out to me anything new in all of this.

Best regards,
Stefano Zanero

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------