FLASH FYI: SANS Tool Talk Webcast on True Intrusion Prevention

[genXer]

Going on right now: https://www.sans.org/webcasts/show.php?webcastid=90705

Put on by SourceFire - creators of Snort. http://www.sourcefire.com/

Slides available too - you have to sign up/in to get them... or is it legal for me to post it meah? Always get confused on that.

Update: some marketing - as can be expected - but still some good information.

Update2: presentation is over - here is one link I can provide if interested in learning more about this topic: http://www.snort.org/docs/industry/A...ulouse2004.pdf

[thehorse13]

I find that many people are interested in IPS but very few are actually using it in production environments. The most cited reasons for not using it is interruption in availability of critical resources in the event of a false positive hit.

[genXer]

I find that many people are interested in IPS but very few are actually using it in production environments. The most cited reasons for not using it is interruption in availability of critical resources in the event of a false positive hit.

Yes I agree. They spoke to that in the presentation - obviously highlighting that their product would work to create "micro-policies" in an environment, or across environments to circumvent that; by "intelligently" scanning the enterprise then deriving a micro-policy from that - so that the enterprise's resources are not constantly being robbed. I think first, however, and as you have stated many times before, organizations need to perform a risk assessment in regards to technology and how that technology interfaces with their business before throwing random tools into the mix to address a potential problem. I will say however, that the presentation was more informative that I thought it would be and not so much marketing hype - that was saved for the second to last slides at the end.

[Nokia]

Ive always found that most people just dont know how to use app's like snort, so end up not bothering with it.

Hell, I have even seen someone trying to install it on his home Windows 98 PC! that was funny!

I found it a hard application to learn but well worthwhile.

[thehorse13]

organizations need to perform a risk assessment in regards to technology and how that technology interfaces with their business before throwing random tools into the mix...

This can be boiled down to, "Process, not product."

Feel free to use it. Heh.

--TH13

[genXer]

This can be boiled down to, "Process, not product."

Feel free to use it. Heh.

Hrmmm... you're a smart one you are - but a few people beat ya on making it a quote:

http://www.cioinsight.com/article2/0...1867056,00.asp

http://www.schneier.com/crypto-gram-0005.html From Bruce Schneier's website talking about security being a process - not a product.

But, but - it's still cool and effective - and wihout your post I wouldn't have known to thinkg about it or look it up. So you're still a genius. 'Course - they could have just been quoting you the whole time - which is definitely possible. And I am gonna use it - in fact just did to my boss's boss. He loves it when I tell him that stuff! Thanks much!

[architect23]

I'm listening to the webcast now, it's very good by the way.

[thehorse13]

But, but - it's still cool and effective - and wihout your post I wouldn't have known to thinkg about it or look it up. So you're still a genius. 'Course - they could have just been quoting you the whole time - which is definitely possible. And I am gonna use it - in fact just did to my boss's boss. He loves it when I tell him that stuff! Thanks much!

LOL, yes, C level folk love catchy phrases.

I've been saying this for about 10 years now. It's certainly possible that someone else said it too. I've never bothered to put my name to it simply because I believe that common sense dictates it.

--Th13