IDS mailing list archives
Re: Announcement: Alert Verification for Snort
From: Michael Sierchio <kudzu () tenebras com>
Date: Thu, 23 Oct 2003 19:28:43 -0700
Martin Roesch wrote:
Yes. Separating the wheat from the chaff is becoming increasingly important in IDS as we all know, I'll be interested to see how the different techniques and approaches people are using to address this problem actually work in production.
Judgement and discrimination require human intervention. When I hear those who say things akin to "intrusion detection doesn't work," I think of the story of the guy who returned a violin to the music store with the complaint, "this violin doesn't play Mozart." I like your term "nontextual" -- and the implication that there's no substitute for an assessment of the assets we are placing at risk, what their vulnerabilities are, what the (known) threats are, etc. Managers want "plug and play" because they have so little respect for our profession ;-) --------------------------------------------------------------------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register athttp://www.securityfocus.com/sponsor/RSA_focus-ids_031023 and use priority code SF4.
---------------------------------------------------------------------------
Current thread:
- Re: Announcement: Alert Verification for Snort, (continued)
- Re: Announcement: Alert Verification for Snort Sam f. Stover (Oct 23)
- Re: Announcement: Alert Verification for Snort Christopher Kruegel (Oct 23)
- Re: Announcement: Alert Verification for Snort Sam f. Stover (Oct 23)
- Re: Announcement: Alert Verification for Snort Martin Roesch (Oct 24)
- Re: Announcement: Alert Verification for Snort Martin Roesch (Oct 23)
- Re: Announcement: Alert Verification for Snort Randy Taylor (Oct 23)
- Re: Announcement: Alert Verification for Snort Sam f. Stover (Oct 23)
- Re: Announcement: Alert Verification for Snort Michael Stone (Oct 24)
- Re: Announcement: Alert Verification for Snort Michael Sierchio (Oct 24)
- Re: Announcement: Alert Verification for Snort Michael Stone (Oct 27)
- Re: Announcement: Alert Verification for Snort Martin Roesch (Oct 23)
- Re: Announcement: Alert Verification for Snort Michael Sierchio (Oct 23)
- Re: Announcement: Alert Verification for Snort Ron Gula (Oct 23)
- Re: Announcement: Alert Verification for Snort Frank Knobbe (Oct 24)
- Re: Announcement: Alert Verification for Snort Barry Fitzgerald (Oct 24)
- RE: Announcement: Alert Verification for Snort Craig H. Rowland (Oct 24)
- Re: Announcement: Alert Verification for Snort Robin Sommer (Oct 24)
- Re: Announcement: Alert Verification for Snort Martin Roesch (Oct 23)
- Re: Announcement: Alert Verification for Snort Michael Krieger (Oct 24)
- Re: Announcement: Alert Verification for Snort Bill Royds (Oct 24)