Spire Security News and Views
Spire Security is a market research and analysis firm dedicated to bringing clarity to the information security world. This is Pete Lindstrom's blog - focused on providing analysis and insight to the happenings of the day, current security trends, and missing pieces to the information security puzzle.
Home
Spire Security Homepage

Subscribe to "Spire Security News and Views" in Radio UserLand.

Click to see the XML version of this web page.

Click here to send an email to the editor of this weblog. 		 

 

Friday, March 05, 2004
 

False Positives: No Mistake

I have had many conversations over the years about false positives - are they really false positives, which ones are important, can we ever get to a point where there are none left, what about false negatives, etc. One of the interesting history tidbits that often comes up is just how ecstatic the IDS vendors were when they could go to an enterprise, plug an IDS into the network, and have it start popping like a popcorn popper with all of the alerts out there. I am sure this characteristic helped IDSes sell a lot of new boxes. Alas, the tide turns (and Snort comes out with configurable rules) and false positives, which everybody thought were real alerts, have been given the black eye they deserve.

This is a great learning experience for anyone out to sell products - you must really consider the nature of what you are doing and allow it to demonstrate its own value proposition legitimately, otherwise it may come back to haunt you. IDS solutions have come a long way since the era of false positives, and yet we still have people who consider them useless, even dead. Not true, even a little bit. Just people living in the past.


3:14:39 PM    comment []

Ignorance vs. Negligence

One of the key roadblocks to overcome in the security space is a basic level of comfortable ignorance ("I know there is probably something going on, but if I am careful I can stay out of it"). You see, anytime a new solution comes along it tends to create more insight into everything that is potentially wrong. Like an ostrich pulling his head out of the sand only to be staring into the barrell of a hunter's rifle. (I am sure there are lawyers out there who will explain that even ignorance is not an excuse for negligence, but hopefully you get my point.)


2:47:11 PM    comment []

Click here to visit the Radio UserLand website. © Copyright 2004 Pete Lindstrom.
Last update: 5/28/2004; 4:48:02 PM.
This theme is based on the SoundWaves (blue) Manila theme.
March 2004
Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      
Feb   Apr


Start-up takes a crack at blocking hackers
Securing XML
Security tool more harmful than helpful?
Firms Dig for Rivals' Software Flaws
Security product flaws attract attackers
T-Mobile Woes
Security Appliance Form Factors
Howard Stern's Website
Private Information Stolen from Providence, Utah, Office Computers
Credit agency reports security breach
If a tree falls in the woods
Matchstick Men
A Method for Protecting against E-voting Fraud
Guess What I am not Buying?
Thanks for Ruining my Sunday
Don't Rain on my Parade
Urban Legends in Security: Vulnerability to Exploit Period
Surviving the Insider Threat
Slammed by the Wall Street Journal
Email Notice: Politeness Earns Points
Plaxo, Orkut, LinkedIn and Email Invitations in General
Anti Anti-Spam: Email Backlash
False Positives: No Mistake
Ignorance vs. Negligence
A Patch in Time
The Cost of Prevention
A Bit of Pandering?
Spire Security MadLib