Snort mailing list archives
Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Thu, 5 Feb 2015 18:08:38 +0000
On Jan 28, 2015, at 11:45 PM, lists () packetmail net wrote:

> On 01/28/2015 06:36 PM, Joel Esler (jesler) wrote:
>> What do I need to throw in there?
>
> Again -- not hostile: All of it? Otherwise it's a false economy of information exchange? IMHO if I were your customer I'd rather pay you for what you can tell me tomorrow not for what you withhold today unless I pay.
>
> Transparency forges trusts, increases FOV, polarizes peer review, and fosters community benefit. Closed signature-based models, while they have their market value, create a false valuation around response to known threats and delude management and Info Sec Ops into believing they're actually addressing security threats when they're actually doing nothing more than validation of true-positive over false-positive. Positively polarize the community for good and you've increased your FOV significantly.
>
> I mean, seriously, this is Upatre -- who hasn't seen a Dyre/Dridex campaign this week dropped by Upatre? Upatre is similar to someone trying to break your door down using bottle rockets and whistling petes.

Understood Nathan, and that's what the community ruleset was formed for. This exact scenario. The Community ruleset was forged, largely out of conversations between you and me about these exact issues.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos