How Can You Build and Leverage SNORT IDS Metrics to Reduce Risk?
SANS Reading Room
September 19, 2013
Many organizations have deployed Snort sensors at their ingress
points. Some may have deployed them between segmented internal
networks. Others may have IDS sensors littered throughout the
organization. Regardless of how the sensor is placed, the IDS can
provide a significant view into traffic crossing the network. With
this data already being generated, how many organizations create
metrics for further analysis? What metrics are valuable to security
teams and how are they used? What insights can one gain from good
metrics, and how can they be used to reduce risk to the
organization?
Forensic Analysis on iOS Devices
SANS Reading Room
November 5, 2012
With a “bring your own device” (BYOD) movement, smart phones and
tablets have exploded onto the corporate environment and show no
sign of receding. This “consumerization” of endpoints means users
will be performing work on devices other than the traditional
organizational desktop or laptop running Windows.
Meeting Compliance Efforts with the Mother of All Control Lists
SANS Reading Room
March 4, 2010
With the multitude of different compliance efforts an organization
could be subjected to, it is not uncommon to hear confusion on what
may or may not apply. What compliance regulations does the
organization fall under? What must the organization do to meet a
specific compliance effort and not conflict with a separate one?
Simple Windows Batch Scripting for Intrusion Discovery
SANS Reading Room
September 29, 2009
Common free tools and automatic batch scripting that can be used to
identify an intrusion on a Windows operating system.
Is Virtual Desktop Infrastructure (VDI) Right for Me?
SANS Newsbites
July 15, 2009
Virtual Desktop Infrastructure (VDI) is a solution for
server-hosted, virtual desktop computing that leverages thin client
architecture and centralizes endpoint images as virtual machines.
Creating and Maintaining Policies for Working with Law Enforcement
SANS Reading Room
May 21, 2008
Overview of a strategy that companies can take to deal with law
enforcement.
Creating and Managing an Incident Response Team for a Large Company
SANS Reading Room
July 18, 2007
Using good communication skills, clear policies, professional team
members and utilizing training opportunities, a company can run a
successful incident response team.
Creating a Comprehensive Vulnerability Assessment Program for a
Large Company Using QualysGuard
Qualys
September 9, 2008
Independent author Tim Proffitt writes his thesis, as part of his
GIAC certification requirements, on how large companies should
implement a Vulnerability Assessment Program using QualysGuard. The
white paper is hosted in the SANS Institute Reading Room, and
provided by SANS as a resource to benefit the security community at
large.
My goal is to write about technology. When I have the time, I enjoy the research and the challenge of taking a complicated subject and presenting it in an understandable format.