Re: IDS: RE: More on EMERALD
The operative word in the message below is "a number of years ago". Before
Teresa left for DARPA would have been ca. 1995.

To say that "little has changed" is inaccurate. Our architecture of
distributed lightweight sensors, and our use of both signature and
probabilistic methods, is unique. Most recently our components were fielded
side by side with commercial system "Brand X" in a government setting, and
we stood up quite well, thank you.

I understand skepticism, but I invite you to download the Solaris monitor
TODAY,

http://sdl.sri.com/emerald/releases/eXpert-BSM/

and try it out. We will shortly come out with a suite of host and network
sensors, using signature and probabilistic techniques, listening at various
points in the enterprise, and managed from a common interface. EMERALD is
the leader in breadth of coverage and diversity of inference techniques.
Stay tuned to the web site.

"b.g.miller" wrote:
> Paul Proctor (the original developer of CMDS) and I evaluated the earliest
> incarnations of the SRI project - IDES and NIDES under a Navy study a
> number of years ago (before Teresa Lunt left for DARPA). I have to say, on
> face value, that it appears that very little has changed as far as system
> architecture or detection approach. At the time we evaluated it as a sound
> product with great potential, but sorely lacking in the human factors end
> of things. A Los Alamos Labs effort called "Wisdom & Sense" was the only
> one we rated higher.
>
> Bobby Miller
> Information Assurance Consultant
> DynCorp Information Systems
>
> "Meritt, Jim" wrote:
>
> > Archive: http://msgs.securepoint.com/ids
> > FAQ: http://www.ticm.com/kb/faq/idsfaq.html
> > IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
> > HELP: Having problems... email questions to ids-owner@uow.edu.au
> > NOTE: Remove this section from reply msgs otherwise the msg will bounce.
> > SPAM: DO NOT send unsolicited mail to this list.
> > UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
> >
> > ---------------------------------------------------------------------------
> > Has anyone outside of SRI evaluated this thing? How might I see what THEY
> > said? Nothing against SRI or DARPA, but I'd really like to see some
> > independent (from the developer/pay the bills) information...
> >
> > Jim
> >
> > _______________________
> > The opinions expressed above are my own. The facts simply are and belong
> > to none.
> > James W. Meritt, CISSP, CISA
> > Senior Secure Systems Engineer at Wang Government Services, Inc.
> >
> > > -----Original Message-----
> > > From: Alfonso Valdes [mailto:alfonso.valdes@sri.com]
> > > Sent: Thursday, August 24, 2000 8:07 PM
> > > To: idsuow
> > > Subject: IDS: More on EMERALD
> > >
> > >
> > > Please visit our website http://www.sdl.sri.com/emerald/
> > > for more information about the EMERALD project.
> > >
> > > Currently, the only component available for download is our host-based
> > > monitor for Solaris, called eXpert-BSM. However, we plan to release
> > > evaluation versions of several other EMERALD components later this year,
> > > including a probabilistic anomaly detection monitor for network traffic
> > > and a suite of signature-based network monitors.
> > >
> > > The EMERALD Development Project Team
> > > System Design Laboratory, SRI International
> > > emerald@sdl.sri.com
> > >
> > >