[Owasp-appsensor-project] NIST SP 800-137 Initial Public Draft "IS Continuous Monitoring..."

Kevin W. Wall kevin.w.wall at gmail.com
Mon Mar 14 14:44:35 EDT 2011


On 03/14/2011 04:57 PM, Colin Watson wrote:
> I've had two direct replies saying "yes" so far... but one other thought:
> 
> I refer to this as "application-layer intrusion detection and
> response".  I wonder if we should try to differentiate it more from
> IDPS (intrusion detection and prevention systems).  Perhaps just
> "application attack detection and response", and weave the phrases
> "attack aware" and "proactive defense" into the text somewhere?

Colin,

FWIW, I refer to something like this as "application *specific*" rather
than "application *layer*". To me, the latter implies a generic
"layer 7" (on the ISO OSI stack) IDPS. AppSensor is *specific* to
an application. For instance, I can have multiple war/ear files (i.e.,
multiple apps) deployed on a single JavaEE app server and AppSensor
might only be on some.

Not sure if that is helpful or not, but thought I'd at least toss it
out there and see what the rest of you thought.

-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME

