Behavior based tools

SheepExplode · Cadet Joined: Jun 02, 2004 Posts: 4 Location: USA

So there is the Cisco Secure Agent, ISS has something they call Proventia Intrusion Prevention, Microsoft announced they will be coming out with a behavior based tool next year and lets not forget PivX's Qwik-Fix Pro. Does anyone have details on the differences between all these products? How they differ, how they are alike, who uses what technology, whose is better? I know that you can bypass the CSA using a shatter attack, and common sense says that if you use a tool that is controlled by a computer that expects certain behavior and stops any unexpected behavior with a few more steps I could bypass this model, I as an admin have the ability to copy, delete, request traffic on port 21 or 80, map a network drive, delete files on a network drive, copy files to a mapped drive, etc. So I guess my real question is is this just a fad wrapped in a lot of jargon? Are we going to see the "new security" model defeated like CD write protection? Why should I spend $100k to buy something that some kids or spyware companies are going to defeat?

Regards.


	Home ˇ Topics ˇ Submit News ˇ Top 10 This entire site, Cops Themes, and Computer Cops are Š 2002 - 2004 Computer Cops, LLC. All rights reserved. You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0. Acceptable Use Policy. Use signifies your agreement. Engine Copyright Š 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member. Paul Laudanski, Member of Computer Cops, LLC Server Load: 764 pages served in previous 5 minutes. Page Rendered: 0.576 seconds.