jeff at ...430...
jeff at ...430...
Mon Nov 20 11:38:24 EST 2000
I'd have to say these people aren't very plugged in. Marty can correct me if
I'm wrong, but hasn't Steve Northcutt said for a long time that the GIAC
receives more snort alerts than any other IDS? I would say it depends on
the organization. Some people are really plugged in and know about snort and
often are even using it. Other times, people think they want an IDS but don't
know much about IDS in general and buy something as inept as "Cisco Secure
Intrusion Detection" (which is a product based on technology that is _several_
years old which Cisco didn't even invent but rather purchased from the Wheel
IDS shouldn't have to be a popularity contest, but for some CTOs and CIOs, etc. it's the same mentality that has prevailed for a _long_ time: "no one ever
got fired for buying Cisco".
> Hi all,
> I was recently in a meeting with one of the big 5 European banks, they
> wanted an overview of the security systems we have in place on some
> co-lo machines, I went through writing this up on a white board and
> talked about all the different bit's n' bobs etc. Came to IDS and I
> explained that we used Snort, the quiet guy said nothing and the other
> guy hadn't heard of it.
> Im wondering what others experiences are when talking about IDS's to
> large organisations, do they scoff at you because you are using
> something that didn't cost a couple K? or do they accept it? What is the
> perception of snort to management that have a role in IS but doesn't know a
> whole lot about the tech?
> Ohh yeah, btw I think snort rocks and it works great for me, if it
> didn't we would have gone for a expensive commercial beastie :)
> Kind Regards,
> Key fingerprint = D058 2F50 5202 4FC2 7B71 3996 369D 12C2 0F23 67D2
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
http://jeff.wwti.com (pgp key available)
"Common sense is the collection of prejudices acquired by age eighteen."
- Albert Einstein
More information about the Snort-users