Security / Threat Intel Question
I am interested in learning more about how firewalla works. Do you have a whitepaper explaining what open source tools are used and where you get your threat intelligence?
Specifically:
what is used for IPS? Snort, Suricata, Bro? Is SSL decryption an option?
what definitions are used for both block lists and definition lists? Do these come from Emerging Threats repo / what sources?
Thank you!
-
If you have a unit, you can actually go inside and look.
IDS (and a little bit of IPS) is Bro/Zeek, and IPS is our own homegrown.
No SSL decryption.
We use a combination of static and dynamically generated lists, mostly paid (licensed), and we are starting to use some of the public lists.
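The reply above says the IDS side is Bro/Zeek fed by static and dynamically generated block lists. The standard way to hand such a list to Zeek is its Intel framework, which reads tab-separated files with a `#fields` header (`indicator`, `indicator_type`, `meta.source`, `meta.desc`) and raises `Intel::match` events when an indicator is seen in traffic. The following is an added example, not Firewalla's code and not taken from any Firewalla whitepaper: it takes a constructed block list (the entries are documentation-range addresses and `.test` domains, not real threat intel), classifies each entry as `Intel::ADDR`, `Intel::SUBNET` or `Intel::DOMAIN`, emits a Zeek intel file, and shows the matching logic a consumer of such a list applies to a destination IP. The feed name `homegrown-static` and the list contents are assumptions for illustration.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample block list for this example (not a real feed).
# Mixed IPs, a CIDR, domains, comments and stray whitespace, as
# public lists commonly contain.
SAMPLE_BLOCKLIST = """\
# example static block list
203.0.113.7
198.51.100.0/24
malware.example.test

  evil.example.test
"""

Entry = Tuple[str, str]  # (indicator, Zeek indicator_type)


def classify(indicator: str) -> str:
    """Map a raw indicator to a Zeek Intel framework indicator_type.

    Order matters: a bare host address also parses as a /32 network,
    so single addresses are checked before subnets.
    """
    try:
        ipaddress.ip_address(indicator)
        return "Intel::ADDR"
    except ValueError:
        pass
    try:
        ipaddress.ip_network(indicator, strict=False)
        return "Intel::SUBNET"
    except ValueError:
        pass
    # Anything else is treated as a hostname/domain indicator.
    return "Intel::DOMAIN"


def parse_blocklist(text: str) -> List[Entry]:
    """Parse a one-indicator-per-line list, skipping blanks and comments."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        entries.append((line, classify(line)))
    return entries


def to_zeek_intel(entries: List[Entry], source: str, desc: str) -> str:
    """Render entries as a Zeek Intel framework input file.

    Zeek requires a tab-separated file whose first line names the
    fields; meta.source and meta.desc are the minimal metadata.
    """
    header = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc"
    rows = [header]
    for indicator, itype in entries:
        rows.append("\t".join((indicator, itype, source, desc)))
    return "\n".join(rows) + "\n"


def match_ip(entries: List[Entry], ip: str) -> bool:
    """Return True if ip hits any ADDR or SUBNET entry.

    This mirrors what the Intel framework does for conn destinations:
    exact address match, or containment in a listed subnet.
    """
    addr = ipaddress.ip_address(ip)
    for indicator, itype in entries:
        if itype == "Intel::ADDR" and addr == ipaddress.ip_address(indicator):
            return True
        if itype == "Intel::SUBNET" and addr in ipaddress.ip_network(indicator, strict=False):
            return True
    return False


if __name__ == "__main__":
    entries = parse_blocklist(SAMPLE_BLOCKLIST)
    print(to_zeek_intel(entries, "homegrown-static", "example block list"))
    for dst in ("198.51.100.42", "192.0.2.1"):
        print(dst, "BLOCKED" if match_ip(entries, dst) else "allowed")
```

To load the generated file into Zeek you would `@load frameworks/intel/seen` and add the file path to `Intel::read_files` in `local.zeek`; the framework then logs hits to `intel.log`. Note that a list consumed this way only alerts: turning a hit into an actual block (the IPS side the reply describes as homegrown) needs a separate enforcement step, such as a NetControl plugin or a firewall rule, which this example does not include.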