Blog Posts Tagged with "IDS"


IBM Got it Wrong: It’s Not about Adding Another Data Source

March 13, 2012 Added by: John Linkous

For the majority of organizations, information security is more post mortem than critical care. Regardless of how many billions you spend on security tools, until you fix this inherent problem in traditional SIEM tools, large organizations will continue to be breached...

Comments (0)


Algorithmic SIEM “Correlation” Is Back?

June 18, 2011 Added by: Anton Chuvakin

One of the ways out of ill-fitting default rules is the use of event scoring algorithms and other ruleless methods. While not without known limitations, they can be extremely useful in environments where correlation rule tuning is not likely to happen, no matter how many times we say it should...

Comments (0)


Applying Predictive Modeling Techniques to Information Security

February 13, 2011 Added by: Fred Williams

By using a modeling framework, modelers can apply techniques in an iterative fashion similar to software engineering. This enables the modelers to share models, evaluate models for effectiveness and determine if model results are accurate...

Comments (5)


Do Too Many Controls Increase Risk?

January 09, 2011 Added by: Mark Gardner

Implementation of controls such as IDS / IPS / AV or non-technical controls such as screening of individuals are examples of controls that may work on implementation, but unless they are updated or re-screened over time, they do not take account of changes in circumstances...

Comments (1)


False Positives: The Best Way to Kill a Good Initiative

January 05, 2011 Added by: Robb Reck

The more we raise alerts about issues that either don't exist, or aren't worth the attention we give them, the less interested people are in hearing what we have to say. If we do it too much, eventually when we scream that the wolf is at the door, we will be ignored, and see our data get eaten up...

Comments (0)


Defending Your Network: Detection versus Prevention

November 17, 2010 Added by: Robb Reck

Our prevention systems cannot block every type of malicious activity, and we should not expect them to. Implementing high quality detective technologies gives us the kind of visibility into what's going on in our network that we can never have without them...

Comments (0)


Coping with the Inevitability of a Data Breach

October 13, 2010 Added by: Robb Reck

While an attacker will eventually figure out a way around your firewall, as soon as they do a good SIEM can alert the NOC and send technicians rushing to respond. In a perfect world, we will keep attackers, both external and internal, from having the opportunity to exploit our systems. But the reality is that breaches do occur...

Comments (0)


Is Your Network Proactively Safe?

October 12, 2010 Added by: Evandro Rodrigues

IDS is a system that inspects all network traffic and identifies suspicious activities that may indicate an external or internal attack targeting systems and network decrease. But IDS is passive: it just monitors attacks, intrusions and exploits, and generates alerts and reports...

Comments (0)


Packet fragmentation vs the Intrusion Detection System

December 08, 2009 Added by: Fred Williams

How well does Snort IDS handle packet fragments when the fragments could contain a potentially malicious software attack? Let's read on... I found a really great article written in 2007 on how an author set up a lab environment to test this theory.

Comments (2)