Intrusion Detection Systems mailing list archives
Re: a novice question. -reply
From: Mark.Teicher () predictive com (Mark.Teicher () predictive com)
Date: Tue, 28 Mar 2000 06:10:39 -0800
Yes, I also tend to agree with Ron, that understanding packet analysis and understanding anomalous behavior requires a higher skill set. Having secondary systems in place to ensure that the primary system is monitoring everything correctly is one step closer to having a well-planned, well-thought-out security architecture.

The other question is what is the definition of a "Security guru"? I tend to see that word used but haven't met many of them... Can you provide a list of for those of us who aspire to become one can somehow pick the brains of a security guru ??:) (Tongue in cheek)

/mark

Ron Gula <rgula () securitywizards com>
03/28/00 08:54 AM
To: Mark.Teicher () predictive com
cc: ids () uow edu au
Subject: Re: IDS: a novice question. -reply

> Each IDS system that has been mentioned has shortcomings. Dragon is vastly different from ISS RealSecure. Dragon has other issues that go far beyond some of the nuances that ISS RealSecure has. The current version of Dragon still needs drastic improvement in order to even make a dent in the IDS market segment. Dragon still requires a high level of TCP/IP expertise and other skills not commonly known by monitor monkeys. So comparing Dragon to ISS RealSecure is like apples to oranges. :)

I agree. In many cases, we have been able to go into ISS shops and sell them several Dragon sensors for added forensics analysis. BTW, there are many shops out there who run more than one type of IDS. The entry level operators tend to use ISS, while the security gurus tend to use Dragon. In many cases though, as people get more used to packet analysis and the types of traffic on their network, they use Dragon. It's still a learning curve.

As for making dents in the IDS market, I'd say we've caused a few black eyes to the competition. There is nothing better than having your competition go into some of your key accounts, hook up their software to the network and watch the CPU peg to 100%.

Ron Gula, CTO
Network Security Wizards
