Hey Everyone,
Due to an increasing amount of interest recently in forming a New York City
Snort User Group, we've decided to invite all of the users in the area to
join Marty and the team for an upcoming presentation. IBM has offered to
sponsor a meeting where Marty will be discussing Target-based IDS: The
Future of the Industry. Join us for great Snort conversation, drinks, and
(of course) Snort shwag!
Presentation Topic:
First generation solutions, including IPS, suffer from lack of information
that leads to ambiguity - sensors operate with no compositional knowledge of
the network components they are defending, leading to false
positives/negatives and evasions. To solve this, Sourcefire is developing a
target-based detection engine that auto-configures itself in real-time based
on the attributes of the targeted system. This methodology requires a
continuous feed of all the attribute data for all the devices on the
protected network, even as it evolves - information provided by Sourcefire
RNA. The system will work by feeding attribute data from RNA, enabling
policy application to occur at a per-flow level of granularity, which will
maximize the blocking capability while minimizing chances of accidental DoS
as a result of false positives or misapplication of policies to improper
targets.
Date and Time:
November 10th, 2005
5:30 - 7:00 PM
Cocktails Afterward - Location TBA
Location:
IBM New York City Office
590 Madison
New York, NY
Register here: http://www.snort.org/registrations/rsvp.html
Please note: RSVP is required for building access
Questions or comments can be directed to snort-marketing@sourcefire.com.
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
