Snort resources

Sourcefire has some great free webcasts available for people to become familiar or freshen up on their knowledge of Snort.

This is particularly valuable for a few reasons.

First is that Snort really is, as they at Snort say, the gold standard for IDS. Becoming familiar with Snort will make one familiar with a variety of other valuable fundamentals.

Second, deployments of Snort are never a wasted exercise. Most, if not all, of the leading SIM, threat modeling tools, or centralized logging resources will incorporate data from Snort into their reporting. This can really stretch a budget to cover a wider landscape than what might otherwise be achievable based on financial constraints.

Third, it sets a tone when dealing with vendors in an RFP process, formal or otherwise. If you ask about integration or similarity to Snort, they will take notice and know that you have some game. They will be more likely to give you real answers and not marketing fluff.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s