[Oisf-users] New Post by OISF Board Member Randy Caldejon

Kelley Misata kelley at openinfosecfoundation.org
Fri Oct 2 19:05:34 UTC 2015


Interesting topic for discussion here, as well as in Barcelona in November.
Kelley

On Fri, Oct 2, 2015 at 2:30 PM, Andreas Moe <moe.andreas at gmail.com> wrote:

> That would be very interesting! But again this would need a lot of time,
> effort and not to mention money. Investing more in bugfixes, optimization
> and creating a solid platform to handle the needs, speeds and new features
> of the future.
>
> Some "next-gen" Firewalls, trying to implement "every" feature, to be a
> one stop shop for "network security monitoring" often either have insane
> hardware demands or fall short. Simply since they try to do everything at
> once. Firewalls do their job great, FireEye delivers a fantastic product in
> their niche, Bro does an awesome job within its niche. But as an example,
> Check Point does well, everything, and boasts about 100% detection rates
> (NSS Labs tests), and similar.
>
> TL;DR; Just my 2 (personal) cents. Quality over Quantity in the long run.
>
> /AndreasM
>
> P.s. please don't use the products and/or vendors I mentioned to potentially
> derail this thread, they were just used to present my thoughts, any
> "spin-offs" should be dealt with in a different thread or by personal mail.
>
> 2015-10-02 20:21 GMT+02:00 Leonard Jacobs <ljacobs at netsecuris.com>:
>
>> And would give Suricata the edge over many competing technologies.
>>
>> Leonard
>>
>>
>> ------------------------------
>> *From:* Cooper F. Nelson [mailto:cnelson at ucsd.edu]
>> *To:* Leonard Jacobs [mailto:ljacobs at netsecuris.com], Kelley Misata
>> [mailto:kelley at openinfosecfoundation.org], oisf users [mailto:
>> oisf-users at openinfosecfoundation.org]
>> *Sent:* Fri, 02 Oct 2015 11:32:58 -0600
>> *Subject:* Re: [Oisf-users] New Post by OISF Board Member Randy Caldejon
>>
>>
>> I've been doing behavioral analysis on suricata effectively for a few
>> years using custom rules and post-processing of the alert files.
>>
>> This works well enough, but I will admit a more robust implementation
>> that includes some sort of scripting engine would be a fantastic addition.
>>
>> On 10/2/2015 7:03 AM, Leonard Jacobs wrote:
>> > Nicely done. Randy, glad to see I am not the only board member that
>> > believes behavioral analysis is needed in Suricata.
>> >
>> > I look forward to seeing everyone in Barcelona. It is going to be an
>> > exciting conference.
>> >
>> > Leonard Jacobs, MBA, CISSP, CSSA
>> > President/CEO
>> > Netsecuris Inc.
>> > P 952-641-1421 ext. 20
>> > http://www.netsecuris.com
>>
>>
>> - --
>> Cooper Nelson
>> Network Security Analyst
>> UCSD ACT Security Team
>> cnelson at ucsd.edu x41042
>>
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> Suricata User Conference November 4 & 5 in Barcelona:
>> http://oisfevents.net
>>
>



-- 
*Kelley Misata*
*Open Information Security Foundation*
www.oisf.net