Snort was one of the first security tools I ever used. When I was working in a small computer lab years ago, I set up a Snort sensor just to see what was there. And there was a lot in that particular environment. I’ve used it many times since then and I found out at RSA that the first Sourcefire implementation I performed is still in place, basically unchanged since I left. This is why I always take the opportunity to talk to Marty Roesch at Sourcefire if I can at RSAC. This time I got a chance to talk to him about the omnipresent APT (he prefer’s using the term APA, coined by @nselby and others), the security existential crisis, the work Sourcefire is doing with Immunet, the Cloud and Sourcefire’s virtual appliances. All that noise you hear in the background is the Securosis Recovery Breakfast.
