Andrew,

ISS server sensor and Proventia server do offer a broad range of anomaly detection techniques:

Firstly there are the PAM-based signatures. Most of the newer signatures are actually anomaly based rather than pattern based, because they differentiate between "good" and "bad" protocol usage.

Secondly there are the audit type signatures where you find categories like "unusual admin activity", which can detect anomalies.

Thirdly there are "Suspect connections" aka honeypot which will alert you of anomalous usage of a networked server.

Number two and three can be extended using user defined signatures to detect anomalies from what the server was designed to do. Proventia server is offering some additional anomaly features like Buffer Overflow Exploit Protection (BOEP).

I am not so sure what you are looking for specifically, but this might give you a rough idea of what can be done.

Regards
Karl-Heinz Jaeger
Manager Research & Engineering
BDG GmbH & Co. KG

Podosenin, Andrew wrote:
> Dear colleagues,
>
> Do you know if the combination of Site Protector and Server Sensors offer any
> anomaly detection functionality? All I was able to find in the documentation
> is the reference to the ISS ADS devices.
>
> Thanks,
>
> Andrew
> _______________________________________________
> ISSForum mailing list
> [email protected]
>
> TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
> https://atla-mm1.iss.net/mailman/listinfo/issforum
>
> To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]
>
> The ISSForum mailing list is hosted and managed by Internet Security Systems,
> 6303 Barfield Road, Atlanta, Georgia, USA 30328.
