Friday, 18 December 2009

Favorite Speaker Quotes from SANS Incident Detection Summit

Taking another look at my notes, I found a bunch of quotes from speakers that I thought you might like to hear.


  • "If you think you're not using a MSSP, you already are. It's called anti-virus." Can anyone claim that, from the CIRTs and MSSPs panel?

  • Seth Hall said "Bro is a programming language with a -i switch to sniff traffic."

  • Seth Hall said "You're going to lose." Matt Olney agreed and expanded on that by saying "Hopefully you're going to lose in a way you recognize."

  • Matt Olney also said "Give your analyst a chance." ["All we are sayyy-ing..."]

  • Matt Jonkman said "Don't be afraid of blocking." It's not 2004 anymore. Matt emphasized the utility of reputation when triggering signatures, for example firing an alert when an Amazon.com-style URL request is sent to a non-Amazon.com server.

  • Ron Shaffer said "Bad guys are following the rules of your network to accomplish their mission."

  • Steve Sturges said "Snort 3.0 is a research project."

  • Gunter Ollmann said "Threats have a declining interest in persistence. Just exploit the browser and disappear when closed. Users are expected to repeat risky behavior, and become compromised again anyway."


Thanks again to all of our speakers!
