Snort mailing list archives

Malware Sigs Plus Vuln Sigs or Vuln Sigs Only


From: "Nolan, Tim" <NolanTim () bfusa com>
Date: Thu, 3 Feb 2011 09:09:16 -0600

I typically do not post much online. It is amusing to watch the ranting and frothing and poking that go on in some of 
these forums, and picking out the good bits of useful info (eating the watermelon and spitting out the seeds).

In my opinion Matt Jonkman is right in his general premise, and many of those who resist adding malware sigs/rules and 
the like perhaps don't even really know what they are missing.

In my opinion, the way forward is more signatures, more reputation feeds, and more threat intelligence aimed at both 
the detective and protective side of the equation. As long as it is timely and accurate, we will be enabled to do our 
jobs better, more proactively, and with a shorter interval between infection and effective response, and fewer systems 
will be infected as a result.

Thanks Joel and Matt for your entertaining exchange of helpful information, etc. You guys rock and are both moving the 
ball down the field in the right direction and doing awesome things to help the security community. Keep up the good 
work.


Timothy J. Nolan

BABT Enterprise Information Security
Bridgestone Americas, Inc.
535 Marriott Drive, 4th Floor
Nashville, TN  37214
office: (615) 937-6059
fax:      (615) 937-6133
nolantim () bfusa com

