focus-ids October 2008 archive
focus-ids: Re: IDS vs Application Proxy Firewal

From: Stefano Zanero <s.zanero_at_nospam>
Date: Wed Oct 29 2008 - 16:07:03 GMT
To: Ashish Kamra <akamra@purdue.edu>


Ashish Kamra wrote:
> My two cents on this issue as a PhD student working on an AD system for
> a DBMS (who just wants to get his PhD at the moment and not get into a
> debate :-)).

If you want to get your PhD, then debating is quite important :D

> I was at the Recent Advances in Intrusion Detection Conference (RAID
> 2008) recently where one of the topics for a panel discussion was "Life
> after antivirus". The main take-away from the discussion was that even
> top anti-virus companies are looking at whitelisting approaches to
> augment the existing blacklists in order to win the battle against ever
> increasing malware variants.

Whitelisting is a good approach to execution authorization and for fighting malware; this is quite well recognized, I'd say. Intrusion detection is a completely different beast though (and it seems quite peculiar that at RAID this wasn't noted).

SZ


