On 4/7/06, Andrew Plato <[EMAIL PROTECTED]> wrote: > Where Snort needs multiple > signatures for the same vulnerability, ISS can protect against the > vulnerability with 1 signature...
You are not familiar with modern Snort signatures. > Furthermore, Snort rules are developed by volunteers (or Sourcefire). As > such, SNORT is usually behind the curve on new signatures. ISS, for > example, does their own independent security research an has signatures > to protect against things that Snort people don't even know about. You are not familiar with modern Snort signature development by the Sourcefire Vulnerability Research Team. See: http://www.sourcefire.com/services/sf_vrt.html For one example: http://www.sourcefire.com/news/press_releases/pr121504.html > Now, I realize I sound like a ISS or TippingPoint sales person. Now that's an accurate statement! :) Richard ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
