Every now and then somebody starts an argument about whether or not it should be a secret which security products you are using.
I will tell you my opinion on that right away:
1.) Unless your risk profile is extremely high and you are one of the five or so organizations in the world who really have super awesome wicked OPSEC in place, don't even bother starting to think about keeping secret the fact that you are using Snort.
2.) If you are using a widely used product, you can't keep it secret anyway. People talk, and vendors often give resellers access to parts of their license database, which holds information on who has licensed what.
3.) It is counterproductive because it will hinder your admins and analysts from doing a good job if they are not allowed to talk to other people about those products and share knowledge.
4.) There are only so many products on the market and it's not that difficult to figure out what you are using anyway.
But there are some things you could and should keep secret or at least not disclose too many details about.
Those are, for instance:
- details on your internal procedures and capabilities for IR, forensics, etc.
- details on your tarpits, honeypots and other customized countermeasures
In my personal experience the call for secrecy on product usage most of the time comes from persons who just have no clue.
They tend to think keeping things secret is easier than building elaborate OPSEC capabilities.
It is not; it does not work and it does not help.
My train of thought here may be flawed, or there might be different angles on that topic, so please comment and discuss.