Does anyone have any practical experience the Juniper line? Are they worth a damn?
General Discussion of Incident Response topics and related certs.
The Juniper products seem to have a bunch of marketing speak and outside of maybe quicker rules updates
This gives you some level of confidence that signatures are as up-to-date as possible whereas with Snort and Suricata, you're at the mercy of the community and yourself.
mambru wrote:I don't agree that you are guaranteed to receive quicker quicker updates from a commercial solution, you can write your own rules with open solutions. Yeah, maybe you cannot equal the volume of rules produced by a whole team dedicated to that effort. Or for example, a solution like Tipping Point benefits from a program like ZDI in a way they can offer protection against 0-day vulns sooner. But how can you be sure those rules are effective enough? Once you learn what exactly the rule is proptecting you from, you may bypass it (I've done it a couple of time), so you are at the mercy of the vendor to fix/tune up those rules, while with the open solutions you can do it by yourself.
how many Fortune 500s or better are running Suricata versus Jun or Tipping.
mambru wrote:how many Fortune 500s or better are running Suricata versus Jun or Tipping.
I just don't think that commercial solutions are always better than free ones.
Users browsing this forum: No registered users and 0 guests