[Dshield] Snort goes commercial
Wilson, Jesse (I.T. Dept)
WilsonJ at stifel.com
Tue Mar 12 17:37:22 GMT 2002
NETWORK WORLD NEWSLETTER:
By Phil Hochmuth
Open source users may already know of the Linux-based Snort
intrusion detection system. The system has been an open source
resource for the last three years for businesses and
institutions looking for an effective and low-cost packet
inspection system. Now the makers of Snort are hoping to smell
some cash thanks to the technology.
Martin Roesch, the developer of the software, has created a
startup company called Sourcefire to sell a hardware appliance
that will run Snort, along with a management console. The
product will be called the OpenSnort Sensor, and will sell for
The console allows groups of sensors to have their policies and
logs managed from a central point on the network. According to
Sourcefire, the console offers near real-time multi-user data
analysis and correlation of events.
Other features include:
* Multisensor configuration management and data aggregation.
* Data management.
* Encrypted communications with sensors.
* Forensic data analysis.
* Report generation system.
* Network configuration.
* Signature management and creation.
* Real-time alert configuration.
Users have lauded Snort for its 1,600 rules for identifying and
stopping suspicious packets or patterns of packets at network
entrance points. The software supports around 1,600 different
criteria for identifying bad network traffic, more than twice
that of some commercial network IDS products.
Why pay for the new "professionalized" version of Snort?
According to Sourcefire, for your money you get technical
support and a management console that is designed to help put
all the rules to work more easily. These are two things that
appeal to enterprise network managers almost as much as the
idea of network security.