Is GCIA Practical for an Intrusion Analyst?
This may sound like a dumb question, after all, the certification in its title says "Intrusion Analyst", but someone let me see his Security 503 books, granted they were like 4 years old, but after glancing at them my initial reaction was: is learning all this going to be worth my time? At my current job we definitely don't use tcpdump or windump tools, and it seems like this whole certification is based on that tool. And as for raw packet analysis, I don't see the value of that either. I mean, that's why we have various IDS sensors on our network to detect packets that are suspicious. It's certainly not practical for an Intrusion Analyst these days to do raw packet analysis. Also, we use full session replay software like NetWitness, which again defeats the point of performing manual packet capture. I just really don't see how, in the future, doing manual packet capture analysis will be worth it IMO. It would be interesting to hear others' views on this. I guess I am trying to find out if enrolling in the SANS 503 class will be beneficial to me in my environment based on the information I provided above. Also, if somebody who has the current set of SANS 503 books can clarify whether tcpdump or windump is still the tool they use in the books?
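To make the "raw packet analysis" the question is about concrete, here is an added example (not from the thread or the course material) of what an analyst does when reading a header by hand rather than trusting a sensor verdict: decode the Ethernet/IPv4/TCP fields that tcpdump prints, verify the IPv4 header checksum, and flag conditions a signature may not cover, such as an illegal flag combination or a corrupted header. The frames are constructed in the script itself, so it runs offline with only the Python standard library; the field names and the `triage` findings are this example's own choices, not anything the GCIA material defines.

```python
import struct
from ipaddress import IPv4Address

# TCP flag bits in header order, least significant first (RFC 793 / RFC 3168).
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum. Over a valid header (checksum
    field included) the result is 0; over a header with the field zeroed it
    yields the value to store."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src: str, dst: str, sport: int, dport: int, flags: int, ttl: int = 64) -> bytes:
    """Construct a minimal Ethernet/IPv4/TCP frame. This is sample input made
    up for the example, not a real capture."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    # TCP: ports, seq, ack, data offset 5 words, flags, window, checksum, urgent ptr
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 8192, 0, 0)
    total_len = 20 + len(tcp)
    ip_no_csum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0x4000, ttl, 6, 0,
                             IPv4Address(src).packed, IPv4Address(dst).packed)
    csum = ip_checksum(ip_no_csum)
    ip = ip_no_csum[:10] + struct.pack("!H", csum) + ip_no_csum[12:]
    return eth + ip + tcp


def parse_frame(frame: bytes) -> dict:
    """Decode the header fields an analyst reads in tcpdump output."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("only IPv4 is handled in this example")
    ip = frame[14:]
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes (options included)
    if proto != 6:
        raise ValueError("only TCP is handled in this example")
    tcp = ip[ihl:total_len]
    sport, dport, _seq, _ack, _off, flags, _win, _tcsum, _urg = \
        struct.unpack("!HHIIBBHHH", tcp[:20])
    return {
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)), "ttl": ttl,
        "sport": sport, "dport": dport,
        "flags": [name for i, name in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)],
        "ip_checksum_ok": ip_checksum(ip[:ihl]) == 0,
    }


def triage(frame: bytes) -> list:
    """Return human-readable findings; an empty list means nothing odd."""
    p = parse_frame(frame)
    flags = set(p["flags"])
    findings = []
    if {"SYN", "FIN"} <= flags:
        findings.append("SYN and FIN set together: illegal combination, classic scan/evasion artifact")
    if not flags:
        findings.append("no TCP flags set: null packet, not produced by a normal stack")
    if not p["ip_checksum_ok"]:
        findings.append("IPv4 header checksum mismatch: corrupted or crafted header")
    return findings


if __name__ == "__main__":
    for label, flags in [("normal SYN", 0x02), ("SYN+FIN", 0x03), ("null", 0x00)]:
        frame = build_frame("10.0.0.5", "10.0.0.9", 40000, 80, flags)
        print(label, parse_frame(frame)["flags"], triage(frame))
```

Running the script prints the decoded flag list and findings for three constructed frames; `triage` is written as a function returning a list rather than printing so it can be dropped into a loop over frames read from a pcap reader later.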