[Zeek] Can Zeek be installed as in-line IPS?

Patrick Kelley patrick.kelley at criticalpathsecurity.com
Mon Mar 18 10:49:50 PDT 2019


Yes.  Many.

PCI-DSS 11.4 comes up quite often. Whether we have consensus on the
validity and utility of an IPS or not, it comes up in every single PCI
audit.

On Mon, Mar 18, 2019 at 1:40 PM Richard Bejtlich <richard at corelight.com>
wrote:

> Yes, as Seth said, I said IPS. Is anyone really deploying IPS now? I only
> see Palo Alto firewalls, etc.
>
> Sincerely,
>
> Richard
>
> On Mon, Mar 18, 2019 at 1:02 PM Seth Hall <seth at corelight.com> wrote:
>
>>
>>
>> On 18 Mar 2019, at 11:30, Patrick Kelley wrote:
>>
>> > I still see the same issues we had on networks 10 years ago. It is
>> > reduced, due to HTTPS and some SMTP, sure.  Dead... not really.
>>
>> To be fair, he did say IPS.  In my opinion IPS has always been in a
>> weird spot where the definition isn't terribly clear (block a single
>> packet in-flight?  block a connection after a determination is made?
>> ...etc).
>>
>> I think everyone here will agree that the visibility provided by Zeek is
>> useful even on modern networks and that tail of completely unencrypted
>> traffic is awfully long. :)
>>
>>    .Seth
>>
>> --
>> Seth Hall * Corelight, Inc * www.corelight.com
>>
>
>
> --
> Richard Bejtlich
> Principal Security Strategist, Corelight
>


-- 

*Patrick Kelley, CISSP, C|EH, ITIL*
*CTO*
patrick.kelley at criticalpathsecurity.com
(o) 770-224-6482

*The limit to which you have accepted being comfortable is the limit to
which you have grown. Accept new challenges as an opportunity to enrich
yourself and not as a point of potential failure.*