30-ish page whitepaper

From: Golomb, Gary <GGolomb(at)enterasys.com>
Date: Wed Feb 26 2003 - 15:19:55 EST

Hi there all!

On the subject of Pattern Matching vs. Protocol Decoding vs. Anomaly Detection... (Hopefully this issue hasn't already been beaten to a bloody pulp!)

By request of a few people, we recently re-released a paper on this subject. (Originally written six to nine months ago, this new version was condensed and updated a little.) It's a technical look at the different methodologies available for performing Intrusion Detection that expands heavily on the excellent article recently written by Matt Tanase. It's not just marketing speak like other available whitepapers. Half of this document is devoted to probe/exploit/compromise analysis (then correlated to each of the various methods).

It should be an interesting read for those who are trying to get a handle on all the buzzwords and the storm of marketing propaganda out there! I couldn't attach it to this message (it bounced), but it's available at
http://dragon.enterasys.com/downloads/ID_Methodologies_Demystified.pdf.

Hope you find it relevant, accurate, and useful. Please feel free to contact me with any questions or corrections. It's important for me to keep this as precise and truthful as possible.

Thanks! :)

-gary

---

<Pre>Lose another weekend managing your IDS? Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A> Received on Wed Feb 26 23:49:12 2003