Hi, I work for IBM Internet Security Systems and was involved in the creation of the 2007 trend report. I agree that the host is the place where you need to solve this problem. De-obfuscating traffic as a network device certainly would have performance issues. Someone had asked if the Proventia line had something to address this issue, so I thought I'd clear that up. Our IPS products do have a handful of signatures that look for Javascript obfuscation (JavaScript_Unescape_Regex, JavaScript_Large_Unescape, JavaScript_Unescape_Obfuscation).
Also, I'd like to apologize for that marketing slick that touts our IPS as being a solution for Phishing. Although there are ways you can get an IPS to address some issues related to phishing and spam, it is obviously not designed to be a wholesale solution for that kind of problem.... that's why we have a market for content (email/web) products! I actually had a meeting a few weeks ago with the marketing folks to have that removed, so having someone make fun of it on this list is pretty timely. :) -Holly Holly Stewart Product Manager, X-Force and XFTAS IBM Internet Security Systems Atlanta, GA ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
