[Dshield] Check Point acquires Sourcefire

Joel Esler eslerj at gmail.com
Fri Oct 7 14:22:53 GMT 2005


I think anyone that has ever used a Snort product with the VRT rules  
can vouch for the fact that the rules are second to none.  (of  
course, ever IDS vendor is going to say that), but our VRT rules  
really are the best.

We concentrate on looking for the vulnerability, the actual attack  
VECTOR.  As opposed to just the exploit.  Exploits can come and go in  
100 different methods, Vulnerabilities are what we look for, no  
matter the exploit, you can always bet on the vulnerability being  
present.

Our R&D (millions of dollars invested) is awesome.  Just to mention a  
couple people on the VRT team that are of fame, Brian Caswell, Judy  
Novak.  Mike Poor at one time IIRC was on the VRT team.

The caliber of the people we have on that team is the best, and I am  
sure anyone on this list that knows it, can back me as well.

Joel Esler

On Oct 7, 2005, at 9:49 AM, Hernandez, Moses wrote:

> Joel,
>   One of my biggest Concerns in evaluating IPS is not just  
> architecture
> but is in the R&D of Vulnerabilities and Signatures available. How  
> great
> is Sourcefire at providing signatures for the product? There are many
> companies that have a great R&D and are an "Intrusion Prevention"
> company so they make it a point to be on top of the latest threats,
> would you consider Sourcefire a company like that? If so I think  
> that's
> exactly what checkpoint needed and probably one of the biggest  
> reasons I
> never purchased or recommended an Interspect solution to a company.
>
> Moses Hernandez, CISSP, CCSA, CCNP
>
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Joel Esler
> Sent: Thursday, October 06, 2005 2:53 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Check Point acquires Sourcefire
>
> Moses,
>
> It's been True Inline for awhile now.
>
> Joel Esler
> SOURCEfire
>
>
> On Oct 6, 2005, at 2:34 PM, Hernandez, Moses wrote:
>
>
>> Yeah I heard about this earlier. The one question I have is that is
>> this
>> a true Inline IPS like say Intruvert, TippingPoint or Checkpoints
>> Interspect or is this just an IDS that can do TCP Resets?
>>
>> M
>>
>>
>> -----Original Message-----
>> From: list-bounces at lists.dshield.org
>> [mailto:list-bounces at lists.dshield.org] On Behalf Of Willy, Andrew
>> Sent: Thursday, October 06, 2005 12:59 PM
>> To: General DShield Discussion List
>> Subject: [Dshield] Check Point acquires Sourcefire
>>
>> Woah!
>>
>> http://www.snort.org/about_snort/msg_from_marty/mr_100605.html
>>
>> Andrew
>>
>> Sorry for the rider text.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> NOTICE OF CONFIDENTIALITY-The information in this email, including
>> attachments, may be confidential and/or privileged and may contain
>> confidential health information. This email is intended to be  
>> reviewed
>> only
>> by the individual or organization named as addressee. If you have
>> received
>> this email in error please notify Scottsdale Medical Imaging, an
>> affiliate
>> of Southwest Diagnostic Imaging, LTD immediately - by return
>> message to
>> the
>> sender or to support at esmil.com - and destroy all copies of this
>> message
>> and
>> any attachments. Please note that any views or opinions presented in
>> this
>> email are solely those of the author and do not necessarily represent
>> those
>> of Scottsdale Medical Imaging. Confidential health information is
>> protected
>> by state and federal law, including, but not limited to, the Health
>> Insurance Portability and Accountability Act of 1996 and related
>> regulations.
>> _________________________________________
>> Using .Net? Need to know more about .Net Security?
>> http://isc.sans.org/banner_count.php?dest=dotnet
>>
>> _______________________________________________
>> send all posts to list at lists.dshield.org
>> To change your subscription options (or unsubscribe), see:
>> http://www.dshield.org/mailman/listinfo/list
>> ********************************************************************* 
>> *
>>
>
>
>> ************************
>> IMPORTANT: The contents of this email and any attachments are
>> confidential. They are intended for the
>> named recipient(s) only.
>> If you have received this email in error, please notify the system
>> manager or the sender immediately and do
>> not disclose the contents to anyone or make copies thereof.
>> *** eSafe scanned this email for viruses, vandals, and malicious
>> content. ***
>> ********************************************************************* 
>> *
>>
>
>
>> ************************
>>
>>
>> _________________________________________
>> Using .Net? Need to know more about .Net Security?
>> http://isc.sans.org/banner_count.php?dest=dotnet
>>
>> _______________________________________________
>> send all posts to list at lists.dshield.org
>> To change your subscription options (or unsubscribe), see: http://
>> www.dshield.org/mailman/listinfo/list
>>
>>
>
> _________________________________________
> Using .Net? Need to know more about .Net Security?
> http://isc.sans.org/banner_count.php?dest=dotnet
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> ********************************************************************** 
> ************************
> IMPORTANT: The contents of this email and any attachments are  
> confidential. They are intended for the
> named recipient(s) only.
> If you have received this email in error, please notify the system  
> manager or the sender immediately and do
> not disclose the contents to anyone or make copies thereof.
> *** eSafe scanned this email for viruses, vandals, and malicious  
> content. ***
> ********************************************************************** 
> ************************
>
>
> _________________________________________
> Using .Net? Need to know more about .Net Security?
> http://isc.sans.org/banner_count.php?dest=dotnet
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http:// 
> www.dshield.org/mailman/listinfo/list
>



More information about the list mailing list