Re: question :: interest in testing SENF preprocessor for Snort?

["Beasley, Cam" <cam () utexas edu>]

hi Joel --

we've found it works 1000% better.. it doesn't crush you with false positives and doesn't waylay your sensor if your 
flows are 10-20Gbps.

we've deployed this across a state-wide network serving over 800,000 endpoints we monitor.  the major egress points 
average 15Gbps and burst upwards of 40Gbps..
the false positive rate for SF's solution is in the 100K/day range for us..  our preprocessor is in the couple dozen 
range/day and it is extremely accurate.
we've been using this since 2007 to serve higher education institutions, hospitals, municipalities, etc.

we believe it is proven and ready for others to test drive.

~cam.

On Jul 25, 2013, at 2:24 PM, Joel Esler <jesler () sourcefire com> wrote:

> How is this different than the Sensitive Data preprocessor that is already
> built into Snort?
>
>
> On Thu, Jul 25, 2013 at 2:44 PM, Beasley, Cam <cam () utexas edu> wrote:
>
> > all --
> >
> > we've developed what we think to be a very efficient and effective Snort
> > preprocessor for identifying SSNs, CCNs, MRNs (Medical Record Numbers), and
> > other personally identifiable strings of data and we are wondering if there
> > are any others who might be interested in testing this out with us.
> >
> > we've been running this on Sourcefire appliances serving networks that
> > steadily operate at 20+Gbps since 2007 with great results..  we've managed
> > to keep the false positive rate extremely low and the preprocessor adds
> > minimal load to the sensors -- plus it outperforms the existing snort dlp
> > preprocessor by good deal.
> >
> > we're looking for a few testers who we would extend a customer license to
> > at no cost.  we'll help you get the preprocessor setup and we'd simply ask
> > that you tell us how it performs for you.
> > we'd like to get at least two open source snort users and one Sourcefire
> > user.
> >
> > feel free to contact me offline if you have questions or would like to
> > participate.
> >
> > thanks,
> >
> > ~cam.
> >
> >
> >
> > Cam Beasley
> > Chief Information Security Officer
> > Information Security Office | UT Austin
> > cam () utexas edu | 512.475.9476
> > http://security.utexas.edu
> > ===============================
> >
> >
> > ------------------------------------------------------------------------------
> > See everything from the browser to the database with AppDynamics
> > Get end-to-end visibility with application monitoring from AppDynamics
> > Isolate bottlenecks and diagnose root cause in seconds.
> > Start your free trial of AppDynamics Pro today!
> > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> > _______________________________________________
> > Snort-sigs mailing list
> > Snort-sigs () lists sourceforge net
> > https://lists.sourceforge.net/lists/listinfo/snort-sigs
> > http://www.snort.org
> >
> >
> > Please visit http://blog.snort.org for the latest news about Snort!
>
>
>
> -- 
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire

Attachment: smime.p7s
Description:

------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!