Re: Announcement: Alert Verification for Snort

From: Michael Sierchio (kudzu_at_tenebras.com)
Date: 10/24/03

  • Next message: Ron Gula: "Re: Announcement: Alert Verification for Snort"
    Date: Thu, 23 Oct 2003 19:28:43 -0700
    To: Martin Roesch <roesch@sourcefire.com>
    
    

    Martin Roesch wrote:

    > Yes. Separating the wheat from the chaff is becoming increasingly
    > important in IDS as we all know, I'll be interested to see how the
    > different techniques and approaches people are using to address this
    > problem actually work in production.

    Judgement and discrimination require human intervention. When I
    hear those who say things akin to "intrusion detection doesn't
    work," I think of the story of the guy who returned a violin
    to the music store with the complaint, "this violin doesn't
    play Mozart."

    I like your term "nontextual" -- and the implication that
    there's no substitute for an assessment of the assets we are
    placing at risk, what their vulnerabilities are, what the
    (known) threats are, etc. Managers want "plug and play"
    because they have so little respect for our profession ;-)

    ---------------------------------------------------------------------------
    Network with over 10,000 of the brightest minds in information security
    at the largest, most highly-anticipated industry event of the year.
    Don't miss RSA Conference 2004! Choose from over 200 class sessions and
    see demos from more than 250 industry vendors. If your job touches
    security, you need to be here. Learn more or register at
    http://www.securityfocus.com/sponsor/RSA_focus-ids_031023
    and use priority code SF4.
    ---------------------------------------------------------------------------


  • Next message: Ron Gula: "Re: Announcement: Alert Verification for Snort"

    Relevant Pages

    • RE: CEH and Intense School
      ... Q-How many times has this course been delivered ... You want more than 4 to know the bugs are ironed out in labs and so on. ... Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ...
      (Pen-Test)
    • RE: New Trojan
      ... and discovered that there is an option to scan ADS, ... Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ...
      (Incidents)
    • RE: Probable Trojan.
      ... Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ... Don't miss RSA Conference 2004! ... Choose from over 200 class sessions and ...
      (Incidents)
    • Re: strange ftp site
      ... >Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ... Learn more or register at ... >and use priority code SF4. ...
      (Incidents)
    • Re: Pen-testing remote VPN services over IP
      ... Check out IKEcrack from Anton Rager. ... >Chris McNab ... >Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ...
      (Pen-Test)