Re: [Emerging-Sigs] Surprised by snort classtype.

["evilghost () packetmail net" <evilghost () packetmail net>]

I was going to sit on the sidelines for this one since Matt already 
covered it. Jerry, I've found that things like this can certainly 
influence a purchase decision, especially when higher-level management 
is involved. Arguing the technical merits of a product is often 
impossible once a negative non-enterprise perception exists. Guise is at 
fault for "not scrubbing the bits" but this nomenclature, legacy or not, 
persists in the current Snort manual and is not something I would want 
or expect in an enterprise class product.

Got to be careful with the live data...

-evilghost

Jerry wrote:
> Hi Guise,
>
> Guise McAllaster napsal(a):
>   
> > Gents,
> >
> > Yesterday I was tasked with giving an executive level presentation to the
> > CISO and CFO 
> >     
>
> I expect someone from SourceFire folks might get an explanation for 
> these legacy signatures.
>
> As for Snort enterprise failure. I wonder if you're looking for  leading 
> IPS vendor to protect your company or you give up and choose IDS 
> according to "it seems cool". It seems ridiculous to me evaluating the 
> benefit of SF IPS by classification names.  I wonder if shellcodes, 
> exploits and such things matter in your choice and choice of your C* 
> management. In my opinion "Enterprise-Ready" IPS should be able to 
> detect, block, alert and log threats. Rejecting "Snort" for "not cool 
> sound of alerts" sounds to me like "not purchasing certain type of car 
> because of the color the radio has".
>
> When you're evaluating something for your company, I'd expect you using 
> all possible knowledge and skills for that before. You can easily get 
> rid of such signatures by simply disabling and ignoring them.... or you 
> can change them in something that really does not offend your superiors.
>
> If you've used all your skills to enable such signatures (I believe they 
> are disabled by default) in my opinion you can't blame SF for that.  It 
> has been your choice and your decision that brought those signature in 
> front of your superiors.
>
> Regards
>
> Jerry
>
>
>
>   

------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs