What do you think is the most probable approach that will complement
the signature based approach in the recent future?

There are a lot of options for complementing a signature-based approach.

There are programs that will correlate IDS events with system event logs.

There is Behavioural Analysis. Mazu, IBM consult, Enterasys all do this.

Combined with NetFlow analysis.

With all this information you need a Security Information Manager to
massage this data into some useful information. Something that you can
act upon.


I use Enterasys' Dragon Security Command Console (SIM).
I combine this with their Dragon IDS (signature-based) and behavioural sensor.

This allows me to correlate Win32 event logs, webserver logs, DB logs,
NetFlow feeds, IDS events, AV alerts, firewall logs, VPN logs, etc.

DSCC also allows me to combine vulnerability information on all of my assets.
This information can be used to help triage offenses.

The DSCC will manage Nessus and Nmap remotely.

It is a lot of work to set up and configure an accurate SIM.


But it is a great exercise in getting to know your environment.  :)



On 10/4/07, snort user <[EMAIL PROTECTED]> wrote:
> Greetings.
>
> I have a general IDS related query: what are the current trends in
> intrusion detection methods?
>
> Signature-based seems to be the most commonly used approach. There are
> also a lot of products that implement protocol decoding/analysis to
> assist the signature-based approach.
> There are a few rate based and anomaly based products too.
>
> What do you think is the most probable approach that will complement
> the signature based approach in the recent future?
>
> Thanks for the reply!
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to 
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
>
>


-- 
-p1g
SnortCP
  ,,__
o"     )~  oink oink
   ' ' ' '

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
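The reply above describes the core job of a SIM: join IDS alerts against firewall logs and per-asset vulnerability data so that the alerts worth acting on rise to the top. The following is an added worked example of that correlation, written for this page and not taken from the post, from Dragon/DSCC or from any other product. Everything in it is constructed: the iptables-style firewall lines, the Snort-like alert records, the scanner results, the placeholder vulnerability identifiers (EXAMPLE-VULN-00x, not real CVE numbers) and the scoring weights, which are an assumption chosen to illustrate the idea rather than anyone's documented policy.

```python
"""Toy SIM-style correlation: IDS alerts joined with firewall decisions and
asset vulnerability data to decide which alerts deserve attention first.
Every input below is constructed for this example."""
import re
from datetime import datetime, timedelta

# Constructed firewall log lines (iptables-style key=value fields).
FIREWALL_LOG = """\
Oct  4 10:15:02 fw1 kernel: ACCEPT SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=80
Oct  4 10:15:04 fw1 kernel: DROP SRC=203.0.113.9 DST=10.0.0.8 PROTO=TCP DPT=445
Oct  4 10:16:30 fw1 kernel: ACCEPT SRC=198.51.100.4 DST=10.0.0.5 PROTO=TCP DPT=22
"""

# Constructed IDS alerts. "ref" is a placeholder vulnerability identifier,
# not a real CVE number; "severity" is the sensor's own 1..3 rating.
IDS_ALERTS = [
    {"sid": 1001, "msg": "WEB-APP example exploit attempt", "severity": 3,
     "ts": "2007-10-04 10:15:02", "src": "203.0.113.7", "dst": "10.0.0.5",
     "dport": 80, "ref": "EXAMPLE-VULN-001"},
    {"sid": 1002, "msg": "SMB example overflow attempt", "severity": 3,
     "ts": "2007-10-04 10:15:04", "src": "203.0.113.9", "dst": "10.0.0.8",
     "dport": 445, "ref": "EXAMPLE-VULN-002"},
    {"sid": 1003, "msg": "SSH example login attempt", "severity": 1,
     "ts": "2007-10-04 10:16:31", "src": "198.51.100.4", "dst": "10.0.0.5",
     "dport": 22, "ref": None},
]

# Constructed scanner output: placeholder findings per asset. An asset that
# was scanned with no finding is an empty set; an unscanned asset is absent.
ASSET_VULNS = {
    "10.0.0.5": {"EXAMPLE-VULN-001"},
    "10.0.0.8": set(),
}

FW_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) \S+ kernel: "
    r"(?P<action>ACCEPT|DROP|REJECT) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=\S+ DPT=(?P<dport>\d+)$"
)


def parse_firewall_log(text, year=2007):
    """Parse syslog-style firewall lines; syslog has no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue  # unparseable line; a real SIM would count and report these
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "action": m["action"], "src": m["src"],
                       "dst": m["dst"], "dport": int(m["dport"])})
    return events


def match_firewall(alert, fw_events, window=timedelta(seconds=5)):
    """Return the firewall decision for the alert's flow within a time window."""
    ats = datetime.strptime(alert["ts"], "%Y-%m-%d %H:%M:%S")
    for ev in fw_events:
        same_flow = (ev["src"], ev["dst"], ev["dport"]) == \
                    (alert["src"], alert["dst"], alert["dport"])
        if same_flow and abs(ev["ts"] - ats) <= window:
            return ev["action"]
    return None


def score_alert(alert, fw_events, asset_vulns):
    """Sensor severity adjusted by asset exposure and firewall outcome (assumed weights)."""
    score, reasons = alert["severity"], []
    vulns = asset_vulns.get(alert["dst"])
    if vulns is None:
        score += 1; reasons.append("target never scanned")
    elif alert["ref"] and alert["ref"] in vulns:
        score += 3; reasons.append("target vulnerable to referenced issue")
    elif alert["ref"]:
        score -= 2; reasons.append("target not vulnerable to referenced issue")
    else:
        reasons.append("alert carries no vulnerability reference")
    action = match_firewall(alert, fw_events)
    if action == "ACCEPT":
        score += 1; reasons.append("firewall permitted the flow")
    elif action in ("DROP", "REJECT"):
        score -= 2; reasons.append("firewall blocked the flow")
    else:
        reasons.append("no firewall record for flow")
    return score, reasons


def priority(score):
    return "high" if score >= 6 else "medium" if score >= 3 else "low"


def triage(alerts, fw_log_text, asset_vulns):
    """Score every alert and return them most-urgent first."""
    fw_events = parse_firewall_log(fw_log_text)
    rows = []
    for a in alerts:
        s, why = score_alert(a, fw_events, asset_vulns)
        rows.append({"sid": a["sid"], "dst": a["dst"], "score": s,
                     "priority": priority(s), "reasons": why})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in triage(IDS_ALERTS, FIREWALL_LOG, ASSET_VULNS):
        print(f"sid {r['sid']} -> {r['dst']} score={r['score']} "
              f"{r['priority']}: {'; '.join(r['reasons'])}")
```

On the constructed data the web alert against a host that the scanner confirms is exposed, over a flow the firewall permitted, comes out as the only high-priority item, while the equally severe SMB alert drops to the bottom because the target was scanned clean and the firewall dropped the connection. That is the triage effect the reply describes: the same sensor output, ranked very differently once asset and network context are joined in.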
