My 11th Snort Report on Snort Limitations has been posted. From the start of the article:
In the first Snort Report I mentioned a few things value-added resellers should keep in mind when deploying Snort:
1. Snort is not a "badness-ometer."
2. Snort is not "lightweight."
3. Snort is not just a "packet grepper."
In this edition of the Snort Report, I expand beyond those ideas, preparing you to use Snort by explaining how to think properly about its use. Instead of demonstrating technical capabilities, we'll consider what you can do with a network inspection and control system like Snort.
The editors titled this piece "Snort Limitations" -- I didn't.