Hi, I work for IBM Internet Security Systems and was involved in the creation of the 2007 trend report. I agree that the host is the place where you need to solve this problem. De-obfuscating traffic as a network device certainly would have performance issues. Someone had asked if the Proventia line had something to address this issue, so I thought I'd clear that up. Our IPS products do have a handful of signatures that look for Javascript obfuscation (JavaScript_Unescape_Regex, JavaScript_Large_Unescape, JavaScript_Unescape_Obfuscation).

Also, I'd like to apologize for that marketing slick that touts our IPS as being a solution for Phishing. Although there are ways you can get an IPS to address some issues related to phishing and spam, it is obviously not designed to be a wholesale solution for that kind of problem.... that's why we have a market for content (email/web) products! I actually had a meeting a few weeks ago with the marketing folks to have that removed, so having someone make fun of it on this list is pretty timely. :)

-Holly

Holly Stewart

Product Manager, X-Force and XFTAS

IBM Internet Security Systems

Atlanta, GA

------------------------------------------------------------------------

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
to learn more.
------------------------------------------------------------------------

[ reply ]