Snort mailing list archives
Re: [Emerging-Sigs] Surprised by snort classtype.
From: "evilghost () packetmail net" <evilghost () packetmail net>
Date: Tue, 19 Jan 2010 12:29:41 -0600
I was going to sit on the sidelines for this one since Matt already covered it.

Jerry, I've found that things like this can certainly influence a purchase decision, especially when higher-level management is involved. Arguing the technical merits of a product is often impossible once a negative non-enterprise perception exists.

Guise is at fault for "not scrubbing the bits" but this nomenclature, legacy or not, persists in the current Snort manual and is not something I would want or expect in an enterprise class product.

Got to be careful with the live data...

-evilghost

Jerry wrote:
Hi Guise,

Guise McAllaster wrote:
Gents, Yesterday I was tasked with giving an executive level presentation to the CISO and CFO

I expect someone from SourceFire folks might get an explanation for these legacy signatures.

As for Snort enterprise failure. I wonder if you're looking for leading IPS vendor to protect your company or you give up and choose IDS according to "it seems cool". It seems ridiculous to me evaluating the benefit of SF IPS by classification names. I wonder if shellcodes, exploits and such things matter in your choice and choice of your C* management.

In my opinion "Enterprise-Ready" IPS should be able to detect, block, alert and log threats. Rejecting "Snort" for "not cool sound of alerts" sounds to me like "not purchasing certain type of car because of the color the radio has". When you're evaluating something for your company, I'd expect you using all possible knowledge and skills for that before.

You can easily get rid of such signatures by simply disabling and ignoring them.... or you can change them in something that really does not offend your superiors. If you've used all your skills to enable such signatures (I believe they are disabled by default) in my opinion you can't blame SF for that. It has been your choice and your decision that brought those signatures in front of your superiors.

Regards
Jerry