Snort mailing list archives

Re: NSS Labs : CheckPoint 97.3% recommended profile hoax ?


From: Seth Hall <seth () remor com>
Date: Tue, 10 May 2011 10:34:20 -0400

Hi Martin!

On May 10, 2011, at 9:47 AM, Martin Holste wrote:

> So my question to you is this: what is NSS doing in its testing
> batteries to evaluate how well products are finding malware check-ins
> and/or data exfiltration versus exploitation?

Thanks for asking this question.  I was just about to ask a very similar question.  For teams practicing large-scale
intrusion detection, the commonality seems to be that they don't care about exploits and want to find all of the 
existing compromises because they're always out there, they just haven't found them yet, right? :)

I think the problem here may be that NSSLabs only tests "intrusion prevention" products where the focus seems so 
heavily oriented toward catching the exploits whereas intrusion detection systems get to be a little freer to just 
detect weirdness in addition to trying to detect the exploits.  Testing products that catch compromised hosts is 
probably insanely difficult though.  I can think of a rather large number of intrusions that I've caught that were only 
caught by creatively watching the network and I'm sure I'm not the only one on this list that can think of compromises 
they've caught similarly.

Anyway Rick +1 for Martin's question.  I'd love to hear as well. :)

  .Seth