One of the criteria can be the market share of the software. If there is a vulnerability in some software which does not have a decent market share, none of your customers are using it, why do you want to waste time, money and resources in developing a signature?
Regards
Abhishek
----------------------------
>Hi,
>There are over 30000 CVE vulnerability reports. Many IDS/IPS devices
>have around 4000-5000 signature rules. My guess is that these
>signatures may cover (detect) around 4000-7000 attacks. 23000 to 26000
>CVEs, that is, a significant number of CVEs, are not covered by IDS/IPS
>devices.
>I am guessing that there is a reason for this. IDS/IPS vendors may be
>selecting few CVEs for developing signatures. What are the selection
>criteria followed in industry? One criterion I know is that Network
>IDS/IPS devices don't need to worry about attacks that can only be
>mounted on the local machine, that is, NIDS/NIPS devices only need to
>worry about detection of attacks mounted remotely. Are there any other
>considerations?
>Thanks
>Ravi