Comparing Intrusion Detection Tools using Generic Vulnerability Categories

Any organisation connected to the Internet that is serious about security cannot be without an intrusion detection system (IDS) these days. Is one IDS sufficient to cover all possible vulnerabilities in a network? In a sea of security products available today, which IDS tool(s) will be sufficient for your organisation’s needs? The only way to find out is to compare various IDS tools with each other. But how? Each IDS tool has a vulnerability database containing hundreds of known vulnerabilities it scans for to resolve the vulnerabilities it has found. Not one IDS tool contains the same number of vulnerabilities it scans for. In addition, many vulnerabilities that are present in the vulnerability database of a specific IDS are also present in the vulnerability databases of other IDS tools. In other words, many IDS tools scan for the same vulnerabilities. On the other hand, certain IDS tools scan for unique vulnerabilities. This paper suggests the method of using generic vulnerability categories, which may act as a standard in comparing IDS tools. 2 H.S. VENTER ([email protected]) J.H.P. ELOFF ([email protected])