>> Where Snort needs multiple >> signatures for the same vulnerability, ISS can protect against the >> vulnerability with 1 signature... > >You are not familiar with modern Snort signatures.
Modern Snort signatures are definitely an improvement over what it used to be, but it's still "not there" yet in some cases... because of the limited protocol decoding capabilities, etc >You are not familiar with modern Snort signature development by the >Sourcefire Vulnerability Research Team. See: > >http://www.sourcefire.com/services/sf_vrt.html > >For one example: > >http://www.sourcefire.com/news/press_releases/pr121504.html This is mostly "marketology"... Especially the zero-day protection press release. The VRT team indeed does a great job developing signatures, but they still have to work with Snort limitations... which affects the final result. What makes ISS X-Force different from SourceFire VRT is the amount of research being done... and not only on publicly known vulnerabilities They can afford to do a lot of new vulnerability research, which is one way of staying ahead of competition :-) Note: I'm not associated with ISS in any way and I don't sell anything... I'm just trying to be objective... K ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
