[Snort-users] [Emerging-Sigs] Reliability of signatures

Jacob Kitchel jacob.kitchel at ...11827...
Thu Feb 10 10:47:40 EST 2011


On Thu, Feb 10, 2011 at 9:36 AM, Michael Scheidell
<michael.scheidell at ...8144...> wrote:
>
>
> On 2/10/11 10:33 AM, Jacob Kitchel wrote:
>
>  then it has to exist in the analyst's brain and the
> analyst has to make the right decision.
>
> sorry, you are relying on the intelligence of someone at 3am.
> heck, you are relying on the intelligence of someone.
>
> you can make it fool proof, but not idiot proof.

I'm not arguing the fallibility of the human mind, but a wrong
decision is a wrong decision. Just saying "well, a human made that
decision *shrugs shoulders*" doesn't mean that it's ok to knowingly
propagate misinformation.  If your(anyone's) analyst(s) are
continually making this wrong decision, either re-train them, look
over their shoulders or reconsider their viability for the position.
Otherwise, you may as well leave your IDS/IPS to be a logging device.

>
>
>
> --
> Michael Scheidell, CTO
> o: 561-999-5000
> d: 561-948-2259
> ISN: 1259*1300
>> | SECNAP Network Security Corporation
>
> Certified SNORT Integrator
> 2008-9 Hot Company Award Winner, World Executive Alliance
> Five-Star Partner Program 2009, VARBusiness
> Best in Email Security,2010: Network Products Guide
> King of Spam Filters, SC Magazine 2008
>
> ________________________________
>
> This email has been scanned and certified safe by SpammerTrap®.
> For Information please see http://www.secnap.com/products/spammertrap/
>
> ________________________________
>




More information about the Snort-users mailing list