Daniel Cid wrote: > This "anomaly" detection will only detect 0-day > exploits for known vulnerabilities.
A zero-day exploit is a curious marketing thing. You suddenly redefine a difficult problem (catching zero-days) as a rather simpler problem (create signatures that actually describe the vulnerability, which is what any signature worth your licensing cost should do). So, presto!, you can rush up and put out some rather nice marketing material on it. Fact is, anomaly detection is so rare that it's almost unexistant in the commercial products, except for limited forms of "protocol anomaly detection" and for Arbor's peakflow technology. Best, Stefano Zanero --------------------------- Secure Network S.r.l. www.securenetwork.it ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
