[ISN] Black Hat Researcher: Rethink And Refine Your IDS

From: InfoSec News <alerts_at_private>
Date: Mon, 16 Jul 2012 10:39:32 -0500 (CDT)
http://www.darkreading.com/security-monitoring/167901086/security/perimeter-security/240003734/black-hat-researcher-rethink-and-refine-your-ids.html

By Robert Lemos
Contributing Writer
Dark Reading
July 13, 2012

When a company discovers that an attacker has been inside its network 
stealing data, its intrusion detection system (IDS) is rarely the key to 
the discovery. More often, as the 2012 Verizon Data Breach 
Investigations Report shows, data is stolen within hours, but the breach 
is found weeks or months later, when the attackers use the data.

A large part of the problem is that IDSes have not kept up with 
attackers. But another part is that companies are not properly managing 
the systems, according to John "Four" Flynn, a security engineer with 
Facebook, who plans to make that case in a presentation on IDS failures 
at Black Hat USA later this month. For example, breached companies were 
more likely to find intruders through manual log analysis than through 
alerts generated by their IDSes, according to the Verizon report.

"When you actually dive into the details of how these systems are 
working against the modern, targeted attack that a lot of the 
enterprises are dealing with today, you find that the efficacy of these 
systems leaves a lot wanting," Flynn says. "It is pretty appalling. We 
need kind of a reset here."

He's not alone in criticizing IDSes and how they are being used by 
companies. The systems inundate security teams with data, need constant 
tuning, and have not kept up with attacks, says Bryan Sartin, director 
of intelligence for Verizon's RISK group.

[...]

