Ashish Kamra wrote:
> My two cents on this issue as a PhD student working on an AD system for
> a DBMS (who just wants to get his PhD at the moment and not get into a
> debate :-)).
If you want to get your PhD, then debating is quite important :D
> I was at the Recent Advances in Intrusion Detection Conference (RAID
> 2008) recently where one of the topics for a panel discussion was "Life
> after antivirus". The main take-away from the discussion was that even
> top anti-virus companies are looking at whitelisting approaches to
> augment the existing blacklists in order to win the battle against ever
> increasing malware variants.
Whitelisting is a good approach to execution authorization and for fighting malware, this is quite well recognized I'd say. Intrusion detection is a completely different beast though (and it seems quite peculiar that at RAID this wasn't noted).