FLASH FYI: SANS Tool Talk Webcast on True Intrusion Prevention
Results 1 to 8 of 8

Thread: FLASH FYI: SANS Tool Talk Webcast on True Intrusion Prevention

  1. #1
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252

    Exclamation FLASH FYI: SANS Tool Talk Webcast on True Intrusion Prevention

    Going on right now: https://www.sans.org/webcasts/show.php?webcastid=90705

    Put on by SourceFire - creators of Snort. http://www.sourcefire.com/

    Slides available too - you have to sign up/in to get them... or is it legal for me to post it meah? Always get confused on that.

    Update: some marketing - as can be expected - but still some good information.

    Update2: presentation is over - here is one link I can provide if interested in learning more about this topic: http://www.snort.org/docs/industry/A...ulouse2004.pdf
    \"We\'re the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We\'ve all been raised by television to believe that one day we\'ll all be millionaires and movie gods and rock stars -- but we won\'t. And we\'re learning slowly that fact. And we\'re very, very pissed off.\" - Tyler (Brad Pitt) Fight Club.

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    I find that many people are interested in IPS but very few are actually using it in production environments. The most cited reasons for not using it is interruption in availability of critical resources in the event of a false positive hit.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252
    I find that many people are interested in IPS but very few are actually using it in production environments. The most cited reasons for not using it is interruption in availability of critical resources in the event of a false positive hit.
    Yes I agree. They spoke to that in the presentation - obviously highlighting that their product would work to create "micro-policies" in an environment, or across environments to circumvent that; by "intelligently" scanning the enterprise then deriving a micro-policy from that - so that the enterprise's resources are not constantly being robbed. I think first, however, and as you have stated many times before, organizations need to perform a risk assessment in regards to technology and how that technology interfaces with their business before throwing random tools into the mix to address a potential problem. I will say however, that the presentation was more informative that I thought it would be and not so much marketing hype - that was saved for the second to last slides at the end.
    \"We\'re the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We\'ve all been raised by television to believe that one day we\'ll all be millionaires and movie gods and rock stars -- but we won\'t. And we\'re learning slowly that fact. And we\'re very, very pissed off.\" - Tyler (Brad Pitt) Fight Club.

  4. #4
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Ive always found that most people just dont know how to use app's like snort, so end up not bothering with it.

    Hell, I have even seen someone trying to install it on his home Windows 98 PC! that was funny!

    I found it a hard application to learn but well worthwhile.
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    organizations need to perform a risk assessment in regards to technology and how that technology interfaces with their business before throwing random tools into the mix...
    This can be boiled down to, "Process, not product."

    Feel free to use it. Heh.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252
    This can be boiled down to, "Process, not product."

    Feel free to use it. Heh.
    Hrmmm... you're a smart one you are - but a few people beat ya on making it a quote:

    http://www.cioinsight.com/article2/0...1867056,00.asp

    http://www.schneier.com/crypto-gram-0005.html From Bruce Schneier's website talking about security being a process - not a product.

    But, but - it's still cool and effective - and wihout your post I wouldn't have known to thinkg about it or look it up. So you're still a genius. 'Course - they could have just been quoting you the whole time - which is definitely possible. And I am gonna use it - in fact just did to my boss's boss. He loves it when I tell him that stuff! Thanks much!
    \"We\'re the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We\'ve all been raised by television to believe that one day we\'ll all be millionaires and movie gods and rock stars -- but we won\'t. And we\'re learning slowly that fact. And we\'re very, very pissed off.\" - Tyler (Brad Pitt) Fight Club.

  7. #7
    Junior Member
    Join Date
    Apr 2005
    Posts
    18
    I'm listening to the webcast now, it's very good by the way.

  8. #8
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    But, but - it's still cool and effective - and wihout your post I wouldn't have known to thinkg about it or look it up. So you're still a genius. 'Course - they could have just been quoting you the whole time - which is definitely possible. And I am gonna use it - in fact just did to my boss's boss. He loves it when I tell him that stuff! Thanks much!
    LOL, yes, C level folk love catchy phrases.

    I've been saying this for about 10 years now. It's certainly possible that someone else said it too. I've never bothered to put my name to it simply because I believe that common sense dictates it.

    --Th13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •