RE: CRIME Wireless Sec., Hacker Det.

From: Andrew Plato (aplato@private)
Date: Tue May 07 2002 - 13:06:10 PDT

    The technology discussed in this article (A new way to nab hackers) is
    neither new nor different. Hybrid anomaly/signature engines have been
    around for a long time. Network ICE was one of the first to
    commercialize this IDS design with BlackICE in 1998. BlackICE is now the
    core engine in ISS's RealSecure products. ManHunt from Recourse is a
    hybrid anomaly/signature engine. Even Snort and its commercial friend
    Sourcefire could be marginally described as a hybrid since they do a lot
    of protocol-specific pre-processing. 
    
    The article is correct that anomaly engines do tend to produce a lot of
    false positives. This fact tends not to make it into the sales brochures
    and marketing fluff. There can be a painful and extended integration
    period where an IDS engine must be tuned and tweaked for its network
    environment.
    
    Nevertheless, I think the article is a bit misleading in that it acts
    like IntruVert has come up with some phenomenal new technology. In fact,
    this technology has existed for a long time. Perhaps IntruVert's
    "micro-tuning" thing is a new twist on tuning engine, but it sounds
    more like marketing buzz than substance. 
    
    ------------------------------------
    Andrew Plato
    President / Principal Consultant
    Anitian Corporation
    
    (503) 644-5656 office
    (503) 201-0821 cell
    http://www.anitian.com
    ------------------------------------
    
    
    
    >  From Ziff Davis eWeek Newsletter:  5/7/02
    > --------
    > New Way to Nab Hackers
    > 
    > As the threats to corporate networks continue to mount and
    > attackers' methods evolve, security vendors are turning to
    > technologies that detect not just what attackers are doing
    > but how they're doing it. To read the story, click here:
    > http://www.eweek.com/article/0,3658,s=712&a=26347,00.asp
    > 
    
    
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:43:03 PDT