Arian,

>Anyway, that said, the behavioral realm
>is begging to be explored more. I'm surprised
>none of the vendors have touched it. It
>seems so promising.

They have, the problem is in finding market applicability. This
approach (and I expand this to behavioral protection in general) tends
to be imprecise enough to require marriage to more direct methods like
white listing and black listing. Simply put the false positive rates
(when the technology is deployed in isolation) suck. Paying customers
tend to have a pretty limited tolerance for that so the tech tends to
get buried and becomes a victim of underemphasis. Hopefully the open
source community will dig in and fix this for everyone else so they
can profit on it.

>ps -- unsure if this will make the list. Security
>Focus has randomly blocked me from some
>lists but not others, and I have been unable
>to get the SF list-server admins to respond
>to email about this for almost TWO YEARS
>now for some reason.

For a guy who is obviously quite intelligent I'm surprised you've not
sorted this one out yet. Your posts are certainly well thought out and
you clearly understand your space well. The gating factor for you ( or
more precisely, your posts) is that you litter your posts with
frenetic vitriol. In an otherwise fantastic post you make two cheap
(albeit possibly true) shots at vendors in the app firewall/ids space
and then follow up with a coup de grace at the site your posting
through. All of this and your surprised your posts fail and the
moderators ignore you?

al

------------------------------------------------------------------------

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
to learn more.
------------------------------------------------------------------------

[ reply ]