looking for IDS's based on network behavior analysis - Firewalls


  1. looking for IDS's based on network behavior analysis

    Hello all!

    I'm doing a comparative study of IDSs that work with Network
    Behavior Analysis (NBA), also known as Traffic Anomaly Based
    detection, and I would like to know if any of you can suggest some
    tools for my work, or preferably a list.

    The desirable qualities are:

    - not commercial (at least with an evaluation period)

    - can work in off-line mode with trace repositories (not necessarily)

    If anybody wants to exchange some information, please contact me; I can also
    show what I've got so far...

    Thanks a lot!

    Gustavo


  2. Re: looking for IDS's based on network behavior analysis

    On Oct 24, 8:44 am, Gustavo wrote:
    > Hello all!
    >
    > I'm doing a comparative study amongst IDS's that works with Network
    > Behavior Analysis (NBA) also known as Traffic Anomaly Based and I
    > would like to know if any of you guys suggest some tools for my work,
    > or a list, preferentially.
    >
    > The desirable qualities are:
    >
    > - not commercial (at least with an evaluation period)
    >
    > - can work in off line mode with trace repositories (not necessarily)
    >
    > If anybody wants to change some information plz contact me, I can also
    > show what I've got until now...
    >
    > Thanks a lot!
    >
    > Gustavo

    Check this new software-only NBA system: http://www.akmalabs.com

    Al


  3. Re: looking for IDS's based on network behavior analysis

    Gustavo wrote:

    > Hello all!
    >
    >
    >
    > I'm doing a comparative study amongst IDS's that works with Network
    > Behavior Analysis (NBA) also known as Traffic Anomaly Based and I
    > would like to know if any of you guys suggest some tools for my work,
    > or a list, preferentially.

    I'd recommend you do a comparative study of running versus not running such
    an IDS at all. For most companies, practical trials have shown that running
    such an IDS requires a lot of effort, at least two full-time hired
    professionals, while achieving very little security.

    Better to wait 10 years until log analysis has improved to a sufficient
    level of intelligence in automation.

  4. Re: looking for IDS's based on network behavior analysis

    Consider an IPS (Intrusion Prevention System). Some are IDSs with some
    expanded functionality and others are built from the ground up to go in-line.
    Check latency and throughput along with attack coverage and timeliness.

    IDSs are OK if, as noted below, you have lots of time OR have a specific
    need for forensic analysis (but at the cost of actually stopping anything).

    Some IPSs have integrations with NBAD vendors such as Mazu or Lancope.
    NBAD is good for the "low and slow" attacks and IPS for standard network
    security.

    Good Luck.

    -BG

    Sebastian G. wrote:
    > Gustavo wrote:
    >
    >> Hello all!
    >>
    >>
    >>
    >> I'm doing a comparative study amongst IDS's that works with Network
    >> Behavior Analysis (NBA) also known as Traffic Anomaly Based and I
    >> would like to know if any of you guys suggest some tools for my work,
    >> or a list, preferentially.

    >
    >
    > I'd recommend you to do a comparative study for running or not running
    > such an IDS at all. For most companies the practical trial has shown
    > that running such an IDS requires a lot of effort, at least two
    > full-time hired professionals and achieving very little security.
    >
    > Better wait 10 years until the log analysis have improved to a
    > sufficient level of intelligence on automation.


  5. Re: looking for IDS's based on network behavior analysis

    On Nov 6, 9:30 pm, bg wrote:
    > Consider an IPS (Intrusion Prevention System). Some are IDSs with some
    > expanded functionality and others are ground up built to go in-line.
    > Check latency and throughput along with attack coverage and timeliness.
    >
    > IDSs are OK if as noted below you have lots of time OR have a specific
    > need for forensics analysis (but at the cost of actually stopping anything).
    >
    > Some IPSs have integrations with NBAD vendors such as Mazu or Lancope.
    > NBAD is good for the "low and slow" attacks and IPS for standard network

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    That's not entirely correct with modern NBADs. Yes, the old ones
    suffered this problem, but many modern ones have a "resolution" as high
    as 1 minute. I'd not call it too slow.
    As such, they're valuable additions to IDS/IPS defenses (which have
    their share of problems too).

    Best,

    S.
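To make the distinction drawn in the last two replies concrete (1-minute bins catch volume anomalies, while "low and slow" behaviour only shows up over a longer window), here is an added example in Python. It is not code from the thread or from any product or vendor mentioned in it. It runs offline over flow records constructed inline, in the spirit of the original question about trace repositories; the host addresses, byte counts, thresholds and the 60-bin (one hour) sliding window are assumptions chosen for the illustration, not values taken from any real system.

```python
"""Minimal offline Network Behavior Analysis over flow records.

Added illustration for the thread above; not code from any NBA/NBAD
product. Flow records are constructed in build_flows() (no pcap or
NetFlow parsing), so the script runs with no input files.
"""
from collections import defaultdict
from statistics import mean, pstdev

BIN_SECONDS = 60          # 1-minute resolution, as discussed in the thread
Z_THRESHOLD = 4.0         # burst detector: deviations above baseline (assumed)
SLOW_WINDOW_BINS = 60     # low-and-slow detector: 60 bins = 1 hour (assumed)
SLOW_DISTINCT_LIMIT = 25  # assumed limit on distinct (dst, port) pairs per host per hour


def build_flows():
    """Constructed flow records as (timestamp, src, dst, dport, bytes)."""
    flows = []
    # Baseline: two hosts each talk to three servers every minute for two hours.
    for minute in range(120):
        ts = minute * 60
        for src in ("10.0.0.5", "10.0.0.6"):
            for dst, port in (("10.0.1.10", 443), ("10.0.1.11", 53), ("10.0.1.12", 445)):
                flows.append((ts, src, dst, port, 1500))
    # Burst: at minute 90, 10.0.0.5 pulls 200 kB from an unusual host within one bin.
    for i in range(40):
        flows.append((90 * 60 + i, "10.0.0.5", "10.0.1.99", 8080, 5000))
    # Low and slow: 10.0.0.7 probes one new port per minute for an hour,
    # never sending more than 60 bytes in any single bin.
    for minute in range(60, 120):
        flows.append((minute * 60, "10.0.0.7", "10.0.1.50", 1000 + minute, 60))
    return flows


def bin_flows(flows):
    """Aggregate flows into per-(bin, src) byte totals and distinct targets."""
    bytes_per = defaultdict(int)       # (bin, src) -> total bytes
    targets_per = defaultdict(set)     # (bin, src) -> {(dst, dport)}
    for ts, src, dst, dport, nbytes in flows:
        b = ts // BIN_SECONDS
        bytes_per[(b, src)] += nbytes
        targets_per[(b, src)].add((dst, dport))
    return bytes_per, targets_per


def baseline(bytes_per, train_bins):
    """Per-source mean and std of bytes per bin over the first train_bins bins.
    Bins in which a source sent nothing count as zero; a source never seen
    during training gets no baseline at all."""
    model = {}
    for src in {src for (_, src) in bytes_per}:
        vals = [bytes_per.get((b, src), 0) for b in range(train_bins)]
        mu = mean(vals)
        if mu == 0:
            continue
        # Floor on sigma: a perfectly flat baseline would otherwise divide by zero.
        sigma = max(pstdev(vals), 0.05 * mu, 1.0)
        model[src] = (mu, sigma)
    return model


def detect_bursts(bytes_per, model, train_bins):
    """Flag any (bin, src) whose byte count is far above that source's baseline."""
    alerts = []
    for (b, src), nbytes in sorted(bytes_per.items()):
        if b < train_bins or src not in model:
            continue
        mu, sigma = model[src]
        z = (nbytes - mu) / sigma
        if z > Z_THRESHOLD:
            alerts.append((b, src, round(z, 1)))
    return alerts


def detect_low_and_slow(targets_per, total_bins):
    """Slide a SLOW_WINDOW_BINS window over the bins; flag a source whose
    distinct (dst, port) set across the window exceeds the limit, even
    though every individual bin looks quiet."""
    alerts = []
    for src in sorted({src for (_, src) in targets_per}):
        for end in range(SLOW_WINDOW_BINS - 1, total_bins):
            seen = set()
            for b in range(end - SLOW_WINDOW_BINS + 1, end + 1):
                seen |= targets_per.get((b, src), set())
            if len(seen) > SLOW_DISTINCT_LIMIT:
                alerts.append((end, src, len(seen)))
                break  # one alert per source is enough here
    return alerts


def run(flows, train_bins=60):
    """Train on the first train_bins bins, then run both detectors."""
    bytes_per, targets_per = bin_flows(flows)
    total_bins = max(b for (b, _) in bytes_per) + 1
    model = baseline(bytes_per, train_bins)
    return {
        "bursts": detect_bursts(bytes_per, model, train_bins),
        "low_and_slow": detect_low_and_slow(targets_per, total_bins),
    }


if __name__ == "__main__":
    for kind, alerts in run(build_flows()).items():
        print(kind, alerts)
```

The burst detector reports 10.0.0.5 at bin 90 and nothing else; 10.0.0.7 never trips it, both because it has no training baseline and because 60 bytes per minute is unremarkable. Only the hour-long sliding window catches the port-per-minute probe, at the bin where its distinct target count passes the limit. That is the trade-off the replies above are arguing about: per-bin resolution decides how fast a volume anomaly is seen, while the window length decides how slow an attacker can go and still be noticed.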