[Dshield] Snort goes commercial

Wilson, Jesse (I.T. Dept) WilsonJ at stifel.com
Tue Mar 12 17:37:22 GMT 2002

By Phil Hochmuth 

Open source users may already know of the Linux-based Snort 
intrusion detection system. The system has been an open source 
resource for the last three years for businesses and 
institutions looking for an effective and low-cost packet 
inspection system. Now the makers of Snort are hoping to smell 
some cash thanks to the technology. 

Martin Roesch, the developer of the software, has created a 
startup company called Sourcefire to sell a hardware appliance 
that will run Snort, along with a management console. The 
product will be called the OpenSnort Sensor, and will sell for 

The console allows groups of sensors to have their policies and 
logs managed from a central point on the network. According to 
Sourcefire, the console offers near real-time multi-user data 
analysis and correlation of events. 

Other features include:

* Multisensor configuration management and data aggregation.

* Data management.

* Encrypted communications with sensors.

* Forensic data analysis.

* Report generation system.

* Network configuration.

* Signature management and creation.

* Real-time alert configuration.

Users have lauded Snort for its 1,600 rules for identifying and 
stopping suspicious packets or patterns of packets at network 
entrance points. The software supports around 1,600 different 
criteria for identifying bad network traffic, more than twice 
that of some commercial network IDS products. 

Why pay for the new "professionalized" version of Snort? 
According to Sourcefire, for your money you get technical 
support and a management console that is designed to help put 
all the rules to work more easily. These are two things that 
appeal to enterprise network managers almost as much as the 
idea of network security.  
