Intrusion Detection Systems
mailing list archives
Re: RE: More on EMERALD
From: Alfonso Valdes <valdes () csl sri com>
Date: Fri, 25 Aug 2000 19:59:03 -0700
The operative word in the message below is "a number of years ago". Before Teresa left for DARPA would have been ca. 1995.
To say that "little has changed" is inaccurate. Our architecture of distributed lightweight sensors, and our use of both signature and probabilistic methods, is unique. Most recently our components were fielded side by side with commercial system "Brand X" in a government setting, and we stood up quite well, thank you.
I understand skepticism, but I invite you to download the Solaris monitor TODAY,
http://sdl.sri.com/emerald/releases/eXpert-BSM/
and try it out. We will shortly come out with a suite of host and network sensors, using signature and probabilistic techniques, listening at various points in the enterprise, and managed from a common interface. EMERALD is the leader in breadth of coverage and diversity of inference techniques. Stay tuned to the web site.
"b.g.miller" wrote:
Paul Proctor (the original developer of CMDS) and I evaluated the earliest incarnations of the SRI project - IDES and NIDES under a Navy study a number of years ago (before Teresa Lunt left for DARPA). I have to say, on face value, that it appears that very little has changed as far as system architecture or detection approach. At the time we evaluated it as a sound product with great potential, but sorely lacking in the human factors end of things. A Los Alamos Labs effort called "Wisdom & Sense" was the only one we rated higher.
Bobby Miller
Information Assurance Consultant
DynCorp Information Systems
"Meritt, Jim" wrote:
Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
-----------------------------------------------------------------------------
Has anyone outside of SRI evaluated this thing? How might I see what THEY
said? Nothing against SRI or DARPA, but I'd really like to see some
independent (from the developer/pay the bills) information...
Jim
_______________________
The opinions expressed above are my own. The facts simply are and belong to
none.
James W. Meritt, CISSP, CISA
Senior Secure Systems Engineer at Wang Government Services, Inc.
-----Original Message-----
From: Alfonso Valdes [mailto:alfonso.valdes () sri com]
Sent: Thursday, August 24, 2000 8:07 PM
To: idsuow
Subject: IDS: More on EMERALD
Please visit our website http://www.sdl.sri.com/emerald/
for more information about the EMERALD project.
Currently, the only component available for download is our host-based
monitor for Solaris, called eXpert-BSM. However, we plan to release
evaluation versions of several other EMERALD components later this year,
including a probabilistic anomaly detection monitor for network traffic
and a suite of signature-based network monitors.
The EMERALD Development Project Team
System Design Laboratory, SRI International
emerald () sdl sri com
Attachment:
valdes.vcf
Description: Card for Alfonso Valdes