IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IDS vs Application Proxy Firewal

From: Stefano Zanero <s.zanero () securenetwork it>
Date: Wed, 29 Oct 2008 17:07:03 +0100
Ashish Kamra wrote:

My two cents on this issue as a Phd student working on an AD system for
a DBMS (who just wants get his Phd at the moment and not get into a
debate :-)).


If you want to get your PhD, then debating is quite important :D


I was at the Recent Advances in Intrusion Detection Conference (RAID
2008) recently where one of the topics for a panel discussion was "Life
after antivirus". The main take-away from the discussion was that even
top anti-virus companies are looking at whitelisting approaches to
augment the existing blacklists in order to win the battle against ever
increasing malware variants. 


Whitelisting is a good approach to execution authorization and for
fighting malware, this is quite well recognized I'd say. Intrusion
detection is a completely different beast though (and it seems quite
peculiar that at RAID this wasn't noted).

SZ

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: