SnortCP still around?

Hello,

I know there have been some questions about the true value of the SnortCP, but is it even still available to take? It looks to me like this was the page where you could take the exam: Exams but the link under the SnortCP just leads to an error page. I tried email their tech support, but got no response.

Anyone know if this still exists, and if so, how do you take it?

Thanks.

Find more posts tagged with

Comments

docrice

Open-book, non-proctored exam. I don't think most security professionals would take it seriously, including myself. My write-up:

http://www.techexams.net/forums/security-certifications/77438-review-snort-ids-ips-rule-writing.html

The course for it is still listed on the Sourcefire site:

http://www.sourcefire.com/services/courses/snort-ids-ips-rules
https://na8.salesforce.com/sfc/p/80000000dRH9saofjYRQFQSTLUlibLaV0ZcOXMs=

Check with services@sourcefire.com. Maybe they might be able to help you.

SephStorm

Hey Doc, despite it being Open book/non-proctored, most individuals who have it would reasonably have the knowledge/experience, due to it being low visibility, mostly a in person class. you still wouldn't "take it seriously"? It sounds like the material was still worth knowing, even if there are better options like the GCIA.

docrice

The class was great, but the test was ... well, I'd respect it more if it was proctored. I think it invites the possibility of easier cheating.

But that said, since it's open-book how does one ****? I've heard of people taking the test for others though. The overall exam process seems more of an after-thought. The real meat is in the class and one that I wish I had known about a long time ago so it'd give me a leg up on how IDS works, even though I wouldn't have been able to afford taking it back then.

Mechs

Hi Docrice, I read your write up in the other review thread you authored and it was insightful.

I couldn't seem to get a price for this course online, and you said it was near SANS price, which I know is expensive as I just passed my GCIA a few days ago.

My favourite section of the GCIA course was the Snort part, and I had previously done my MSc based on Snort and Suricata. My current role I am an Intrusion Analyst, but I do not concentrate on Snort alerts, rather any and all IDS/Firewalls/logs. But I did want to get this cert because it still interests me. I have done a bit of poking around online and there seems to be nothing about prices/resources. They teach the Snort + Rule writing course, but only in the US/Germany and I am in the UK. Hell, there's no information about how I can even go and sit the exam without going on the course.

I don't know if this is still beneficial really? Thankfully my company will eat up the costs, but I don't know if it's really worth it, but there aren't many other Intrusion based certs out there.

SephStorm

You seem split between the course and the exam.

Doc will have to remind us on where you can take the exam, but I do not think you have to attend the course to take it. On the other hand, it seems the course is worth more than the exam. But the value in any cert is debatable. It looks like my company may be bringing this course in (or sending us to it) at some point. I'm looking forward to it if I get chosen.

docrice

The exam is taken online through a portal while you're at home. Not sure if you can sit the exam without taking the course as it's not an advertised option but presumably it's tied together. This is about a $4000 course from what I recall, which is why I said it's about SANS pricing. It's only a 4-day class though.

The value is in the course. The cert ... well, not many people know about it, and those who are IDS specialists tend to discount the merit of such a certification since it's a very complex subject which requires a lot of hands-on time to develop. The exam can only validate so much and in my opinion, it's a "nice to have on paper" but in practice doesn't hold much weight, especially since it's non-proctored.

I took the class mainly to fill gaps (which I had a lot of), but as I don't spend all my hours doing IDS, it lessens the credibility of my SnortCP cert. The reward in intrusion analysis is discovering the nuances of your environment, being able to detect abnormal deviations from it, sufficient event validation, and reacting within a relatively short window. It's part science and part art, but it goes a lot deeper than simply configuring Snort or other appliance/solution periodically because you have to frame context around the event.

Being able to see all the moving parts and putting them together (reverse-engineering an event based on extracted evidence, if you will) is ultimately what I consider the fun part.