Snort mailing list archives
Re: Hummm...
From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 16 Mar 2004 11:36:42 -0500
Hi Chad,

We have load balancing built into our sensors, we've developed a software-based method of grouping sensors together and having them do flow-based load balancing (i.e. flows maintain integrity across individual sensors).
I'm not going to go into which database we're using exactly (it's proprietary) except to say that we don't use the free databases for anything other than configuration storage and data caching on our low-end sensors. The DB we use for our high performance data management system is an embedded in-memory indexing system, very very different from most of the DBs you commonly see Snort users deploying. :) We use unified formatted output coming out of Snort and move the data into the backend using our own data engine, it's still the same Snort but pretty much everything else is custom on our systems.
-Marty

On Mar 16, 2004, at 11:02 AM, Kreimendahl, Chad J wrote:
When you say built-in load balancing, are you speaking of a feature similar to what TopLayer does, or are you just speaking to the console? Also, any chance you're allowed to tell us what DB you use? I had figured postgres, but knowing your opinion on output plugins, also suspect you're doing something barnyard-like.

-----Original Message-----
From: Martin Roesch [mailto:roesch () sourcefire com]
Sent: Monday, March 15, 2004 5:09 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Hummm...

Hi Chad & Shannon,

The gigabit sensor (NS 3000) is only available via Sourcefire or one of our partners currently, the Dell relationship is selling our NS500/NS1000 appliances only right now. We're waiting to see how things go with the reseller relationship before we commit to rolling our full set of product offerings.

As far as Sourcefire pricing is concerned, our IDS pricing is in line with other enterprise-grade IDS vendors. Sourcefire isn't just shipping "Snort on a box", we've got a considerable amount of custom software including reporting tools, a data (event) analysis interface, incident handling interface, policy builder, rules management, system administration interface, online docs and so on built into our devices in addition to our tech support, installation and training that we offer as a corporation. This is very different than just enabling some Linux features, installing Snort and then slapping MySQL/ACID on the box and calling it a day, our systems are robust and built to scale.

If you want to use a metaphor for what we're doing, we can go to the overused car thing. You can buy a VW with a Porsche engine in it and it's just a VW. We're building Porsches over here (well, more like big trucks, but you get the picture).

The $8k machine is *engineered* to handle 45Mbps, it'll handle precisely that amount while giving you the ability to go from out-of-the-box to up-and-running in about 20 minutes and have everything right there and running that you need to do intrusion detection while being easy to use/administer and very scalable. If it breaks you get a phone number that's manned 24x7 to call, if you want training on the product and how to do IDS we can provide that too. We also have enterprise features like built-in load balancing, hot failover for our management console, a high performance built-in data management system, etc.

I guess what I'm saying is that when I started Sourcefire the original mission was to figure out how to get people to want to pay for something that's free. The only way to get there is if you add enough value so that people feel compelled to pay for it, that's what we've really worked hard to do. We've got several hundred customers who believe that we are providing enough value to spend money because they recognize the value of what we've built.

-Marty

On Mar 15, 2004, at 1:55 PM, Kreimendahl, Chad J wrote:

Where's the gig capable machine? It's hard to believe the $8k machine only handles 45Mbps.

On Mar 15, 2004, at 11:31 AM, Shannon M. Anderson wrote:

Wow, that Sourcefire isn't cheap is it? We run 3 similar devices from Sabrnet (www.sabrnet.com), but it not only has Snort with a good GUI admin for it. It also provides a gateway router w/serial T1/E1 device, multiple Ethernets (10/100/1000), online updates, Firewall and VPN, Traffic control (CBQ's) and NAT failover. Our cost was 2950.00 a unit and came in a 1U package for easy rack mounting. So if you're looking for a really secure border router/gateway that can do it all this is where I would start looking.

-- Martin Roesch - Founder/CTO, Sourcefire Inc.
- (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org