IDS mailing list archives
Re: Useful NADS
From: Stefano Zanero <zanero () elet polimi it>
Date: Sat, 17 May 2008 16:05:03 +0200
Andrew Plato wrote:
Honestly, I have never found "network anomaly detection (NADS)" to be a tremendously valuable technology for most organizations.
Perhaps this is because no anomaly detectors exist in the commercial world with just a few exceptions (Lancope and Arbor being the two that come to mind) ?
> in the hundreds
of networks I have seen, very few of them are very clean. Most of themare filthy with a constant onslaught of "anomalies.'
A good anomaly detector should filter out those "anomalies", which by the sheer fact of being always there are extremely normal ;)
One thing I have learned in my travels installing IPS/IDS for 6+ years now is that 95% of the admins out there pay very little attention to thedeluge of data that comes from IPS/IDS technologies.
Then may I suggest that probably those technologies were either misconfigured or installed at the wrong sites ?
Stefano ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------
Current thread:
- Re: Useful NADS Stefano Zanero (May 20)
- Re: Useful NADS Albert R. Campa (May 20)
- Re: Useful NADS Stefano Zanero (May 21)
- Re: Useful NADS Albert R. Campa (May 20)