Friday, December 21, 2007

Snort Report 11 Posted

My 11th Snort Report on Snort Limitations has been posted. From the start of the article:

In the first Snort Report I mentioned a few things value-added resellers should keep in mind when deploying Snort:

1. Snort is not a "badness-ometer."
2. Snort is not "lightweight."
3. Snort is not just a "packet grepper."

In this edition of the Snort Report, I expand beyond those ideas, preparing you to use Snort by explaining how to think properly about its use. Instead of demonstrating technical capabilities, we'll consider what you can do with a network inspection and control system like Snort.


The editors titled this piece "Snort Limitations" -- I didn't.

2 comments:

Spy Guy said...

Why is it that most security people measure the wrong things? A study published by Spy-Ops and supported by studies by the FBI and CIA shows that most (80+%) of systems security incidents are caused by insiders. Most security organizations are looking at the front door (the web) and the thieves are coming in the employee entrance!

Richard Bejtlich said...

Spy Guy,

Try reading my insider threat posts for several years' worth of discussion to the contrary.