IDS mailing list archives

Re: Useful NADS


From: Stefano Zanero <zanero () elet polimi it>
Date: Sat, 17 May 2008 16:05:03 +0200

Andrew Plato wrote:
> Honestly, I have never found "network anomaly detection (NADS)" to be a
> tremendously valuable technology for most organizations.

Perhaps this is because no anomaly detectors exist in the commercial world with just a few exceptions (Lancope and Arbor being the two that come to mind)?

> in the hundreds
> of networks I have seen, very few of them are very clean. Most of them
> are filthy with a constant onslaught of "anomalies."

A good anomaly detector should filter out those "anomalies", which by the sheer fact of being always there are extremely normal ;)

> One thing I have learned in my travels installing IPS/IDS for 6+ years
> now is that 95% of the admins out there pay very little attention to the
> deluge of data that comes from IPS/IDS technologies.

Then may I suggest that probably those technologies were either misconfigured or installed at the wrong sites?

Stefano
