Comment Re:Dshield and myNetwatchman (Score 1) 159
Actually, no, they don't do the same thing at all. They report activity, and if you provide complete network dumps someone may, at some time, get around to trying to figure out what you saw.
WormRadar specifically looks for attacks, not just plain old traffic. When something known comes along, it logs it...that part is the same as DShield or myNetwatchman. But when something entirely new comes along, it packages it up and sends it off to Rog. He correlates reports of new things from the instant any one WormRadar node sees it. So, if 10 minutes later another node in a different region sees the same new thing, it gets logged and isn't reported as a new thing.
With a copy of the worm in his hands, Rog is capable (more than capable) of dissecting it and figuring out what it does, how it works, what we might expect from it, etc...
Finally, because of his AV contacts, he's able to get anything new into all of the right hands so everyone can get definitions to detect it.
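The correlation step the comment describes (a node logs anything it already recognizes, but an unknown payload is fingerprinted centrally and flagged as new only the first time any node reports it) can be sketched in a few dozen lines. The following is an added illustration written for this page, not WormRadar's, DShield's or myNetwatchman's code; the report format, the node names, the signature list and the payload bytes are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample payload used below; not a real worm.
NEW_PAYLOAD = b"\x90\x90\xeb" + b"PAYLOAD-X"


@dataclass
class Report:
    """What a sensor node sends upstream (hypothetical format)."""
    node: str
    region: str
    ts: int          # seconds since epoch (constructed values)
    payload: bytes   # captured attack payload (constructed values)


@dataclass
class Sighting:
    """Central record of an unknown payload: where it was first seen, and who has seen it since."""
    first_node: str
    first_region: str
    first_ts: int
    nodes: set = field(default_factory=set)


class Correlator:
    """Central correlator modelled on the comment: known traffic is just logged,
    unknown payloads are fingerprinted and reported as new only on first sight."""

    def __init__(self, known_signatures):
        # Byte patterns a node already recognizes (constructed; stands in for AV/IDS signatures).
        self.known = list(known_signatures)
        self.unknown = {}   # sha256 hex digest -> Sighting
        self.log = []       # (classification, node) pairs, in arrival order

    @staticmethod
    def fingerprint(payload):
        # Exact-content fingerprint; polymorphic variants would need fuzzier matching.
        return hashlib.sha256(payload).hexdigest()

    def handle(self, r):
        # 1. Known attack: log it locally, nothing to escalate.
        for sig in self.known:
            if sig in r.payload:
                self.log.append(("known", r.node))
                return "known"
        # 2. Unknown attack: first report from any node is "new" ...
        h = self.fingerprint(r.payload)
        s = self.unknown.get(h)
        if s is None:
            self.unknown[h] = Sighting(r.node, r.region, r.ts, {r.node})
            self.log.append(("new", r.node))
            return "new"
        # 3. ... later reports of the same payload are logged as repeats, not as new.
        s.nodes.add(r.node)
        self.log.append(("repeat", r.node))
        return "repeat"

    def spread(self, payload):
        """Which nodes have reported this unknown payload so far (sorted for stable output)."""
        s = self.unknown.get(self.fingerprint(payload))
        return sorted(s.nodes) if s else []


def run_demo():
    """Feed a constructed sequence of reports through the correlator and return the results."""
    c = Correlator(known_signatures=[b"known-probe-signature"])
    reports = [
        Report("node-a", "eu",   1000, b"GET /known-probe-signature HTTP/1.0"),
        Report("node-b", "us",   1010, NEW_PAYLOAD),   # first sight anywhere -> new
        Report("node-c", "asia", 1610, NEW_PAYLOAD),   # 10 minutes later, other region -> repeat
        Report("node-b", "us",   1700, NEW_PAYLOAD),   # same node again -> repeat
    ]
    results = [c.handle(r) for r in reports]
    return c, results


if __name__ == "__main__":
    corr, res = run_demo()
    print(res)                           # ['known', 'new', 'repeat', 'repeat']
    print(corr.spread(NEW_PAYLOAD))      # ['node-b', 'node-c']
```

The exact-hash fingerprint is the simplest choice and is enough to show the first-seen logic; a real correlator would also keep the first-seen record as the thing handed to an analyst, since that is the copy that gets dissected and turned into detection definitions.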