I apologize ahead of time for the marketing fluff in this post; I promise the next several posts after this will be much heavier on the tech and the cool. However, I just couldn't let this one go, and neither could any of the Sourcefire VRT.
Today we got an anonymous email with the following pictures in it.
Now I know that whenever a marketing department makes a slide for a competitive package, it always makes them out to be the best. But this falls far from reality: these guys have Cisco over Sourcefire. Nothing wrong with Cisco, they make good routers and switches, but other than awesome comic book flash movies (therealm) and cool phones on 24, that's about it. They definitely didn't beat the VRT for 2008 MS vulnerability coverage. (Side note: there were 143 CVEs from MS in 2008, not 140 - but who's counting?) (Side side note: there were 153 CVEs issued in total; 10 were locals, and since we are a Network IPS we dropped those from the count.)
Therefore I call these numbers into question, and I will now provide my own numbers, diligently researched by Alex Kirk (Sourcefire VRT, not marketing guy). This uses the same rules as provided in the first image above, using grep and CVE references against available coverage data. Note: we only had TippingPoint's and ours available, so we didn't restate the other vendors' numbers.
Additionally, since the negative day response time thing is statistically silly at best, we calculated this number on our side by utilizing prior coverage detection. This included MS08-067 and MS08-052, which are detected by rules released in early 2006 or prior. It would be more statistically correct to give all prior coverage dates a value of 0, as negative numbers skew this data significantly. If we used this metric, our response time would be .23, or essentially day 0 detection.
int static_key_1 = 0x82056842;