Snort mailing list archives

Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody?


From: Martin Roesch <roesch () sourcefire com>
Date: Sat, 19 Mar 2011 20:40:42 -0400

On Saturday, March 19, 2011, evilghost () packetmail net
<evilghost () packetmail net> wrote:

On 03/19/11 11:44, Jason Brvenik wrote:
If you really want to start to solve that problem have a look at our
latest acquisition, Immunet (It is free BTW) -
http://www.immunet.com/main/index.html

I'm always wary when a security vendor offers panacea, especially when said
panacea depends on the number of participants in the solution.  This model
doesn't work quite so well in the spam arena and I doubt malware to be much
different.  A hostile endpoint serving up multi-packed goodness, generated on a
per host basis, seems like one very easy way to defeat this system (if I
understand it correctly)

It works exceedingly well at this particular scenario due to its
design. The people who designed it did so as a response to how
ineffectual classic AV models have become.  It is a "clean sheet"
approach to solving the problem and we did the acquisition after we
saw just how powerful the approach is.

In practice, how well does this work when you're the first guy to get nailed
with fun?

Very.

Curious...  I like using the best tool for the job and defense and depth and to
assign all malware to a HIDS is presumptuous and perhaps misplaced faith.

It's free so you can check it out anytime.

Marty





-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org
