Re: Useful NADSMay 20 2008 03:28PM Albert R. Campa (abcampa gmail com) (1 replies)
ISS has an ADS device.
Enterasys has ADS technology in their SIM Dragon. (brings in flow information)
On Sat, May 17, 2008 at 9:05 AM, Stefano Zanero <zanero (at) elet.polimi (dot) it [email concealed]> wrote:
> Andrew Plato wrote:
>>
>> Honestly, I have never found "network anomaly detection (NADS)" to be a
>> tremendously valuable technology for most organizations.
>
> Perhaps this is because no anomaly detectors exist in the commercial world
> with just a few exceptions (Lancope and Arbor being the two that come to
> mind) ?
>
>> in the hundreds
>>
>> of networks I have seen, very few of them are very clean. Most of them
>> are filthy with a constant onslaught of "anomalies.'
>
> A good anomaly detector should filter out those "anomalies", which by the
> sheer fact of being always there are extremely normal ;)
>
>> One thing I have learned in my travels installing IPS/IDS for 6+ years
>> now is that 95% of the admins out there pay very little attention to the
>> deluge of data that comes from IPS/IDS technologies.
>
> Then may I suggest that probably those technologies were either
> misconfigured or installed at the wrong sites ?
>
> Stefano
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from CORE
> IMPACT.
> Go to
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
to learn more.
------------------------------------------------------------------------
Enterasys has ADS technology in their SIM Dragon. (brings in flow information)
On Sat, May 17, 2008 at 9:05 AM, Stefano Zanero <zanero (at) elet.polimi (dot) it [email concealed]> wrote:
> Andrew Plato wrote:
>>
>> Honestly, I have never found "network anomaly detection (NADS)" to be a
>> tremendously valuable technology for most organizations.
>
> Perhaps this is because no anomaly detectors exist in the commercial world
> with just a few exceptions (Lancope and Arbor being the two that come to
> mind) ?
>
>> in the hundreds
>>
>> of networks I have seen, very few of them are very clean. Most of them
>> are filthy with a constant onslaught of "anomalies.'
>
> A good anomaly detector should filter out those "anomalies", which by the
> sheer fact of being always there are extremely normal ;)
>
>> One thing I have learned in my travels installing IPS/IDS for 6+ years
>> now is that 95% of the admins out there pay very little attention to the
>> deluge of data that comes from IPS/IDS technologies.
>
> Then may I suggest that probably those technologies were either
> misconfigured or installed at the wrong sites ?
>
> Stefano
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from CORE
> IMPACT.
> Go to
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
to learn more.
------------------------------------------------------------------------
[ reply ]