[Zeek] Can Zeek be installed as in-line IPS?
Richard Bejtlich
richard at corelight.com
Mon Mar 18 10:40:06 PDT 2019
Yes, as Seth said, I said IPS. Is anyone really deploying IPS now? I only
see Palo Alto firewalls, etc.
Sincerely,
Richard
On Mon, Mar 18, 2019 at 1:02 PM Seth Hall <seth at corelight.com> wrote:
>
>
> On 18 Mar 2019, at 11:30, Patrick Kelley wrote:
>
> > I still see the same issues we had on networks 10 years ago. It is
> > reduced, due to HTTPS and some SMTP, sure. Dead... not really.
>
> To be fair, he did say IPS. In my opinion IPS has always been in a
> weird spot where the definition isn't terribly clear (block a single
> packet in-flight? block a connection after a determination is made?
> ...etc).
>
> I think everyone here will agree that the visibility provided by Zeek is
> useful even on modern networks and that tail of completely unencrypted
> traffic is awfully long. :)
>
> .Seth
>
> --
> Seth Hall * Corelight, Inc * www.corelight.com
>
--
Richard Bejtlich
Principal Security Strategist, Corelight