Why idappcom Rules?
Based on real live exploits, expert research, intelligence, and years of experience
When comparing the Idappcom Snort/Suricata compatible ruleset with other prevention and detection options, you'll want to consider questions like:
- How long is the effective life of the malware? Does today's malware morph into something else the next day?
- How complete is the other security intelligence, or is it volume for volume's sake?
- Does the ruleset protect mainly against malware to get 'impressive' numbers, or does it also cover the actual working exploits that are real security concerns?
- Can the ruleset run on Snort, Suricata, and any IDS platform based on these engines?
- Does your ruleset detect 100% of the real exploits, or only 30% of them?
- How do you know the ruleset really is detecting an exploit? Does your supplier give you the choice of an industry-leading pen testing tool and the actual PCAPs to test, tune and refine with?
- Does your supplier give you a management tool to import rules from multiple sources, edit, copy, create and select them according to your criteria, validate them, and filter out rules with duplicated functionality?
- Does your supplier give you a tool to manage rule deployment across multiple sensors?
When it comes to questions like these, the Idappcom ruleset and Easy Rules Manager are the clear choice. When testing Snort and Suricata with actual PCAPs from real live exploits, the Idappcom ruleset increases the detection rate over other popular rules by 61%.
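As an added example of the import, validate and duplicate-filtering step described in the list above (this is not idappcom's Easy Rules Manager or any vendor's code), the following Python script merges Snort/Suricata-format rules from two constructed feeds, reports rules that share a sid, rules whose detection logic is identical under different sids, and rules that fail basic validation, then keeps one copy per sid at its highest rev. The feed names, rule text and sids are constructed placeholders.

```python
"""Merge Snort/Suricata rule feeds and flag duplicated or invalid rules.

Added example: not idappcom's, Snort's or Suricata's code. Feed names,
rule text and sid values below are constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed sample feeds: two sources that partly overlap.
SOURCES = {
    "feed_a.rules": """
# constructed feed A
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB example traversal"; flow:to_server,established; content:"/../../"; http_uri; sid:1000001; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SMB example probe"; flow:to_server; content:"|ff|SMB"; sid:1000002; rev:1;)
""",
    "feed_b.rules": """
# constructed feed B
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Dir traversal attempt"; flow:to_server,established; content:"/../../"; http_uri; sid:2000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB example traversal"; flow:to_server,established; content:"/../../"; http_uri; sid:1000001; rev:3;)
alert udp any any -> any 53 (msg:"broken rule no sid"; content:"|00 01|";)
""",
}

# action, 6-field header (proto src sport dir dst dport), parenthesised options
RULE_RE = re.compile(
    r"^(?P<action>alert|drop|reject|pass|log)\s+"
    r"(?P<header>\S+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+)\s+"
    r"\((?P<options>.*)\)\s*$"
)

# Keywords that describe the rule rather than what it matches; they are
# ignored when fingerprinting detection logic.
METADATA_KEYS = {"msg", "sid", "rev", "gid", "reference", "classtype",
                 "priority", "metadata"}


def split_options(options):
    """Split the option body on ';' while honouring quotes and backslash escapes."""
    parts, buf, in_quote, esc = [], [], False, False
    for ch in options:
        if esc:
            buf.append(ch)
            esc = False
        elif ch == "\\":
            buf.append(ch)
            esc = True
        elif ch == '"':
            buf.append(ch)
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    tail = "".join(buf).strip()
    if tail:
        parts.append(tail)
    return parts


def parse_rule(line):
    """Return a dict for one rule line, or None if it does not look like a rule."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    opts = []
    for part in split_options(m.group("options")):
        key, _, value = part.partition(":")
        opts.append((key.strip(), value.strip()))
    fields = dict(opts)
    sid, rev = fields.get("sid", ""), fields.get("rev", "")
    # Detection keywords keep their order: modifiers such as http_uri apply
    # to the preceding content, so reordering would change meaning.
    detection = [f"{k}:{v}" if v else k for k, v in opts if k not in METADATA_KEYS]
    header = " ".join(m.group("header").split())
    return {
        "action": m.group("action"),
        "header": header,
        "sid": int(sid) if sid.isdigit() else None,
        "rev": int(rev) if rev.isdigit() else 0,
        "msg": fields.get("msg", "").strip('"'),
        "fingerprint": m.group("action") + " " + header + " " + ";".join(detection),
    }


def load_sources(sources):
    """Parse every feed; return (valid rules, list of validation problems)."""
    rules, problems = [], []
    for name, text in sources.items():
        for lineno, raw in enumerate(text.splitlines(), 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            rule = parse_rule(line)
            if rule is None:
                problems.append(f"{name}:{lineno}: unparseable rule")
            elif rule["sid"] is None:
                problems.append(f"{name}:{lineno}: missing sid ({rule['msg']!r})")
            else:
                rule["source"] = name
                rules.append(rule)
    return rules, problems


def merge(rules):
    """Keep the highest rev per sid, then drop rules whose logic duplicates a lower sid."""
    best = {}
    for r in rules:
        if r["sid"] not in best or r["rev"] > best[r["sid"]]["rev"]:
            best[r["sid"]] = r
    kept, seen = [], set()
    for r in sorted(best.values(), key=lambda r: r["sid"]):
        if r["fingerprint"] not in seen:
            seen.add(r["fingerprint"])
            kept.append(r)
    return kept


def run_report(sources=SOURCES):
    rules, problems = load_sources(sources)
    by_sid, by_fp = defaultdict(list), defaultdict(list)
    for r in rules:
        by_sid[r["sid"]].append(r["source"])
        by_fp[r["fingerprint"]].append(r["sid"])
    return {
        "problems": problems,
        "sid_duplicates": {s: srcs for s, srcs in by_sid.items() if len(srcs) > 1},
        "logic_duplicates": [sorted(set(s)) for s in by_fp.values() if len(set(s)) > 1],
        "kept_sids": [r["sid"] for r in merge(rules)],
    }


if __name__ == "__main__":
    for key, value in run_report().items():
        print(f"{key}: {value}")
```

Two kinds of duplicate are distinguished on purpose: the same sid appearing in two feeds is a versioning question (keep the higher rev), while two different sids with byte-identical headers and detection options are the "duplicated functionality" case that costs sensor CPU without adding coverage. Rules that fail to parse or lack a sid are reported rather than silently dropped, since a sensor would reject them at load time.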
Accurate and appropriate updates
Idappcom rules are researched by a dedicated team who prove that the exploit exists, works and is in the wild; the rules are then published to select vendors to include in their device updates. We can assure you that not all rules are published by the vendors, mainly due to performance constraints, and of course not all vendors use our rules. So, to have complete peace of mind, you need Idappcom rules management and our pen testing tools to reduce your risks.
The issue is defining and understanding the difference between actual exploits and malware on the one hand and blacklists on the other. Once you understand that distinction, you can weigh the effectiveness of the rules against the usefulness of the blacklists. You need both, but you need to manage them both and not get into a numbers game.
Our unmatched library of current and historical exploit information (close to 12,000 actual proven exploits) is constantly updated with new PCAPs. It is this testing experience, used by all the top IPS/NGFW vendors, that gives us a complete platform for building our comprehensive detection and prevention rules. It is our IQ that provides the basis for the rules, and the feedback from the top vendors that helps us to hone those rules to perfection.
In addition to offering the most complete exploit detection and prevention coverage, Idappcom includes protection not just against the exploitable vulnerabilities (as opposed to vulnerabilities that have no exploit!), but against the many variants and morphings of those exploits, making it a full-featured ruleset. We do not try to guess what an exploit might look like for a vulnerability that really has no exploit. Just look at the informative CVE database and analyse how many CVEs have an exploit: not many.
As a platform-agnostic product, Idappcom rulesets work on SNORT®, Suricata, and many other IDS platforms, even in combination. With Idappcom you get truly thorough and comprehensive coverage, trusted by the top IPS/NGFW vendors in the world.