The technology discussed in this article (A new way to nab hackers) is neither new nor different. Hybrid anomaly/signature engines have been around for a long time. Network ICE was one of the first to commercialize this IDS design with BlackICE in 1998. BlackICE is now the core engine in ISS's RealSecure products. ManHunt from Recourse is a hybrid anomaly/signature engine. Even Snort and its commercial friend Sourcefire could be marginally described as a hybrid since they do a lot of protocol-specific pre-processing.

The article is correct that anomaly engines do tend to produce a lot of false positives. This fact tends not to make it into the sales brochures and marketing fluff. There can be a painful and extended integration period where an IDS engine must be tuned and tweaked for its network environment.

Nevertheless, I think the article is a bit misleading in that it acts like IntruVert has come up with some phenomenal new technology. In fact, this technology has existed for a long time. Perhaps IntruVert's "micro-tuning" thing is a new twist on tuning engine, but it sounds more like marketing buzz than substance.

------------------------------------
Andrew Plato
President / Principal Consultant
Anitian Corporation

(503) 644-5656 office
(503) 201-0821 cell
http://www.anitian.com
------------------------------------

> From Ziff Davis eWeek Newsletter: 5/7/02
> --------
> New Way to Nab Hackers
>
> As the threats to corporate networks continue to mount and
> attackers' methods evolve, security vendors are turning to
> technologies that detect not just what attackers are doing
> but how they're doing it. To read the story, click here:
> http://www.eweek.com/article/0,3658,s=712&a=26347,00.asp
>
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:43:03 PDT