“The comprehensiveness of adaptive movement is limitless.” -The Art of War, Chapter 5: Strategic Advance
This reminds me of recent comments from Bejtlich about IDS/IPS devices that are alert-based but have little additional knowledge for the analyst. That is not very adaptive, and as such, ends up affording little value below the surface. Being able to be adaptive in IT, and especially in security, is an amazing ability, as opposed to having very complex, rigid, or incomplete implementations that don’t afford much in terms of quick reaction, seamless changes, and the ability to get the data you need. It also makes me think of on-demand sniffing needs. Can a security analyst quickly span ports into a pre-configured system set to sniff traffic, or will the analyst have to jump through hours of hoops to get this set up for an emergency?