[Snort-sigs] Surprised by snort classtype...

Guise McAllaster guise.mcallaster at ...2420...
Tue Jan 19 12:57:00 EST 2010


Gents,

Yesterday I was tasked with giving an executive level presentation to the
CISO and CFO for the security benefits of Snort in an IDS role as a budget
justification for a SourceFire IPS sensor/appliance and VRT subscription.
The presentation was going quite well and they asked about content filter
and policy violations and I showed several examples, including classtype,
from our live system.  Sadly, several of the entries contained
"kickass-porn" and the female CISO was very upsetting.  Both the CFO and
CISO reacted negatively, claims an Enterprise-Ready product would never use
such unprofessional profane names.  I was surprised too and looked in the
manual and saw that the description for "kickass-porn" was, "SCORE! - get
the lotion".  What? >:-0 Really? Now I'm looking at a budget trim for this
year as well as being forced away from adoption of the SF IPS product since
a similar asstype is used.

While most IDS mates can laugh it off this is something to keep in mind with
regard to the professionalism such word choices say.  In this case, with
some fault of my own for not scrubbing the bits, it cost me what I would
rate a top notch IPS product.  Now I'm forced to settle for something
inferior. :(  Just wanting to warn others to not make my same mistake.

Guise
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20100119/6634e811/attachment.html>


More information about the Snort-sigs mailing list