Pantek Library

False Positives with IntruVert

From: Cure, Samuel J <scure(at)kpmg.com>
Date: Fri Mar 28 2003 - 12:36:23 EST


Looking for some feedback on IntruVert. I have a client that is evaluating IntruVert in the lab and has been getting a lot of false positives on their network. They are afraid to put IntruVert into the IPS mode, of actually stopping traffic based on false positives. Gartner Group has claimed that everyone is moving from Detection to Prevention, but if the underlying technology has this many flawed signatures, I do not see how anyone can confidently use it and start blocking all attacks.  

Has anyone put IntruVert into full Prevention mode and what were the effects? I have not heard of anyone actually using IntruVert's prevention mode, but mostly as an IDS.

While it seems that many IDS/IPS reviewers rank and measure finding attacks high, it would seem equally, if not more, important to rank false positives high, especially in Prevention mode. Are there any reviewers that have compared the false positives and false alarms of all the IDS/IPS products? Has anyone here compared false positives of IntruVert, Snort, Cisco, RealSecure, etc.?

Thanks in advance!



Samuel Cure
KPMG
Risk and Advisory Services (RAS)-Atlanta
Phone: 404.222.3043
Fax: 404.222.7740
Cell: 404.861.9436
mailto:scure@kpmg.com






Received on Fri Mar 28 13:00:12 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:10 EDT

