[Oisf-users] New Post by OISF Board Member Randy Caldejon

Andreas Moe moe.andreas at gmail.com
Fri Oct 2 18:30:06 UTC 2015

That would be very interesting! But again this would need a lot of time,
effort and not to mention money. Investing more in bugfixes, optimization
and creating a solid platform to handle the needs, speeds and new features
of the future.

Some "next-gen" firewalls, trying to implement "every" feature, to be a one
stop shop for "network security monitoring" often either have insane
hardware demands or fall short, simply because they try to do everything at
once. Firewalls do their job great, FireEye delivers a fantastic product in
their niche, Bro does an awesome job within its niche. But as an example,
Check Point does everything well, and boasts about 100% detection rates
(NSS Labs tests), and similar.

TL;DR: Just my 2 (personal) cents. Quality over quantity in the long run.


P.S. Please don't use the products and/or vendors I mentioned to potentially
derail this thread; they were just used to present my thoughts. Any
"spin-offs" should be dealt with in a different thread or by personal mail.

2015-10-02 20:21 GMT+02:00 Leonard Jacobs <ljacobs at netsecuris.com>:

> And would give Suricata the edge over many competing technology.
> Leonard
> ------------------------------
> *From:* Cooper F. Nelson [mailto:cnelson at ucsd.edu]
> *To:* Leonard Jacobs [mailto:ljacobs at netsecuris.com], Kelley Misata
> [mailto:kelley at openinfosecfoundation.org], oisf users [mailto:
> oisf-users at openinfosecfoundation.org]
> *Sent:* Fri, 02 Oct 2015 11:32:58 -0600
> *Subject:* Re: [Oisf-users] New Post by OISF Board Member Randy Caldejon
> I've been doing behavioral analysis on suricata effectively for a few
> years using custom rules and post-processing of the alert files.
> This works well enough, but I will admit a more robust implementation
> that includes some sort of scripting engine would be a fantastic addition.
> On 10/2/2015 7:03 AM, Leonard Jacobs wrote:
> > Nicely done. Randy, glad to see I am not the only board member that
> > believes behavioral analysis is needed in Suricata.
> >
> > I look forward to see everyone in Barcelona. It is going to be an
> > exciting conference.
> >
> > Leonard Jacobs, MBA, CISSP, CSSA
> > President/CEO
> > Netsecuris Inc.
> > P 952-641-1421 ext. 20
> > http://www.netsecuris.com
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona:
> http://oisfevents.net