Advanced Intrusion Defense
Joel Snyder, Opus One
http://infosecuritymag.techtarget.com/

Acknowledgements
Massive support from Marty Roesch, Ron Gula, Robert Graham
Products from ISS, Cisco, and Tenable
Cash and prizes from Andy Briney and Neil Roiter
The IDS lacks “context”
IF the IDS knew that the destination system was not running Back Orifice…
IF the IDS knew that there was no such destination system…
IF the IDS knew that the destination system was more hops away than the TTL allowed…
Operator gets an enormous dinosaur-sized headache looking at hundreds of thousands of alerts

Start with a normal IDS…
… and add brains!
Brains = knowledge + process
Somehow figure out lots of information about:
    What systems are out there
    What software they are running
    What attacks they are vulnerable to
Evaluate each alert with the additional contextual knowledge and decide:
    To promote the alert
    To demote the alert
    That we don’t know
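The promote / demote / don’t-know decision above, worked through as an added example (not the webcast’s or any vendor’s code): it applies the three context checks from the earlier slide (no such host, TTL too short to reach it, target not running the attacked software) plus a vulnerability match against a small inventory. The Asset fields, alert keys, addresses and the VULN-A / VULN-B ids are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:
    os: str
    hops: int                                     # routers between the sensor and this host
    services: dict = field(default_factory=dict)  # port -> product observed listening there
    vulns: set = field(default_factory=set)       # vulnerability ids known to apply to the host

# Constructed inventory: what watching the wire (or a scanner) might have learned.
INVENTORY = {
    "10.0.0.5": Asset("linux", hops=2, services={80: "apache"}, vulns={"VULN-A"}),
    "10.0.0.9": Asset("windows", hops=6, services={445: "smb"}),
}

def triage(alert, inventory=INVENTORY):
    """Return (promote | demote | unknown, reason) for one alert dict with constructed
    keys dst_ip, dst_port, ttl and optionally target_os, requires (product), exploits (vuln id)."""
    asset = inventory.get(alert["dst_ip"])
    if asset is None:
        return "demote", "no such destination system"
    if alert["ttl"] <= asset.hops:
        return "demote", "TTL expires before the destination is reached"
    if alert.get("target_os") and alert["target_os"] != asset.os:
        return "demote", "destination runs %s, not %s" % (asset.os, alert["target_os"])
    seen = asset.services.get(alert["dst_port"])
    if alert.get("requires") and seen is not None and seen != alert["requires"]:
        return "demote", "port %d runs %s, not %s" % (alert["dst_port"], seen, alert["requires"])
    if alert.get("exploits") and asset.vulns:
        if alert["exploits"] in asset.vulns:
            return "promote", "destination is vulnerable to %s" % alert["exploits"]
        return "demote", "destination not vulnerable to %s" % alert["exploits"]
    return "unknown", "not enough context to decide"

def prioritize(alerts, inventory=INVENTORY):
    """Bucket a batch; the operator reads the promote list first, demote last."""
    buckets = {"promote": [], "demote": [], "unknown": []}
    for a in alerts:
        verdict, why = triage(a, inventory)
        buckets[verdict].append((a["dst_ip"], why))
    return buckets

ALERTS = [  # constructed sample alerts in the order an IDS might emit them
    {"dst_ip": "10.0.0.5", "dst_port": 80, "ttl": 64, "requires": "apache", "exploits": "VULN-A"},
    {"dst_ip": "10.0.0.7", "dst_port": 80, "ttl": 64},
    {"dst_ip": "10.0.0.9", "dst_port": 445, "ttl": 3, "exploits": "VULN-B"},
    {"dst_ip": "10.0.0.5", "dst_port": 31337, "ttl": 64, "target_os": "windows"},
    {"dst_ip": "10.0.0.9", "dst_port": 445, "ttl": 64, "exploits": "VULN-B"},
]
```

Only the alerts the inventory can positively confirm or rule out move; the last one stays in the "unknown" bucket because no vulnerability data exists for that host, which is the honest third outcome the slide lists.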
By simply watching the traffic fly by, you can learn a great deal
Is this right for you?
“I already have an IDS and I care about the alerts and I need some way to help prioritize them because I am drowning in alerts!”
“I need to get an IDS for alerts but don’t have the manpower to analyze the alerts.”
“If I get this, my IDS will be a self-tuning, smooth-running, no-maintenance machine.”
“I have no network security policy that says what to do when an alert occurs.”
Thank you for participating in this SearchSecurity webcast. For more information on intrusion defense, visit our Featured Topic: http://www.searchSecurity.com/featuredTopic/IntrusionDefense