Snort mailing list archives
Re: question :: interest in testing SENF preprocessor for Snort?
From: "Beasley, Cam" <cam () utexas edu>
Date: Fri, 26 Jul 2013 03:46:56 +0000
hi Joel --

we've found it works 1000% better.. it doesn't crush you with false positives and doesn't waylay your sensor if your flows are 10-20Gbps.

we've deployed this across a state-wide network serving over 800,000 endpoints we monitor. the major egress points average 15Gbps and burst upwards of 40Gbps..

the false positive rate for SF's solution is in the 100K/day range for us.. our preprocessor is in the couple dozen range/day and it is extremely accurate.

we've been using this since 2007 to serve higher education institutions, hospitals, municipalities, etc. we believe it is proven and ready for others to test drive.

~cam.

On Jul 25, 2013, at 2:24 PM, Joel Esler <jesler () sourcefire com> wrote:

> How is this different than the Sensitive Data preprocessor that is already built into Snort?
>
> On Thu, Jul 25, 2013 at 2:44 PM, Beasley, Cam <cam () utexas edu> wrote:
>
>> all --
>>
>> we've developed what we think to be a very efficient and effective Snort preprocessor for identifying SSNs, CCNs, MRNs (Medical Record Numbers), and other personally identifiable strings of data and we are wondering if there are any others who might be interested in testing this out with us.
>>
>> we've been running this on Sourcefire appliances serving networks that steadily operate at 20+Gbps since 2007 with great results.. we've managed to keep the false positive rate extremely low and the preprocessor adds minimal load to the sensors -- plus it outperforms the existing snort dlp preprocessor by a good deal.
>>
>> we're looking for a few testers who we would extend a customer license to at no cost. we'll help you get the preprocessor set up and we'd simply ask that you tell us how it performs for you. we'd like to get at least two open source snort users and one Sourcefire user.
>>
>> feel free to contact me offline if you have questions or would like to participate.
>>
>> thanks,
>> ~cam.
>>
>> Cam Beasley
>> Chief Information Security Officer
>> Information Security Office | UT Austin
>> cam () utexas edu | 512.475.9476
>> http://security.utexas.edu
>>
>> _______________________________________________
>> Snort-sigs mailing list
>> Snort-sigs () lists sourceforge net
>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>> http://www.snort.org
>> Please visit http://blog.snort.org for the latest news about Snort!
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
Current thread:
- question :: interest in testing SENF preprocessor for Snort? Beasley, Cam (Jul 25)
- Re: question :: interest in testing SENF preprocessor for Snort? Joel Esler (Jul 25)
- Re: question :: interest in testing SENF preprocessor for Snort? Beasley, Cam (Jul 25)
- Re: question :: interest in testing SENF preprocessor for Snort? Joel Esler (Jul 25)