News Release for 10th November 2014
Open Source IDS Rules Comparison Report - November 2014
We regularly assess the capability of the available Open Source IDS rule sets to detect our traffic files, to highlight the necessity of a multi-vendor approach for obtaining rules.
Each rule set is tested in various configurations with the last three months' worth of exploit traffic files from Traffic IQ™ Professional, totalling 509 traffic files for August, September and October. The aim of the tests is to compare the detection capabilities of each rule set for recently discovered threats.
Results for November 2014
- Open Rule Sets loaded with the default policies provided poor detection and protection capability against Traffic IQ™ attack files, stopping only 42% of the exploit traffic.
- VRT provided the best protection as a standalone rule set, but still only provided 58% protection when all rules were turned on.
- Combining VRT and ET rule sets only increased the protection capability by 12%, in comparison to VRT as a standalone rule set.
For detailed results and further info, download the full PDF report...