Snort mailing list archives
RE: Comparison question
From: "Eric Hines" <eric.hines () appliedwatch com>
Date: Mon, 28 Feb 2005 11:34:28 -0600
1) With open source Snort, you're not bound to any costly licensing restrictions like you would be with the Sonicwall. E.g. if you wanted to deploy additional Snort installations around your network, all you'd have to do is lynx to www.snort.org rather than calling someone to order additional sensors.

2) Also, Snort and its signature language are in much greater use and more popularly supported than say the proprietary rules language of Sonicwall, NFR (NCODE), etc. or any other commercial IDS vendor that doesn't use Snort's signature syntax. I suppose a shift is happening in the commercial vendor space where vendors are now looking to or have already added support for Snort's language (e.g. ISS and their addition of TRON). So when hiring a new IDS analyst, it's going to be far easier finding someone who used Snort at home or the office rather than trying to sift through resumes of people looking for someone who's used Sonicwall's IDS. Also, notice that when Symantec and the other AV companies release a whitepaper on a new worm, they'll typically include a Snort signature(s) for detection.

3) Price! Snort == free. Sonicwall == $$$

4) I am unaware of Sonicwall's ID and IPS capabilities, however, Snort obviously has protocol anomaly detection, stateful pattern detection, and other capabilities as an IDS etc. Also, with the latest 2.3 of Snort, users have the capability to also go inline in addition to its use of flexresp for passive IPS through shunning.

5) How confident is the company running a stateful packet inspection IDS/IPS on the same system routing traffic in/out of your network at the perimeter? Separation of duties please :)

Just my 2 cents. Take it as you will. I hope it helps you in providing a good argument to the powers that be.

Best Regards,

Eric Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC
1134 N. Main St.
Algonquin, IL 60102
Tel: (877) 262-7593 x327
Fax: (877) 262-7593
Web: http://www.appliedwatch.com
"Browserless, Enterprise Snort Management"

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Shaun T. Erickson
Sent: Sunday, February 27, 2005 7:24 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Comparison question

First, I'm not trying to start a religious war. I'm just looking for information to educate myself with, so I can make the best decision for *my* organization. That said ...

I am wondering if anyone can give me any idea as to how well, or not, a Snort installation (of whatever is latest) would compare to using the IDS/IPS features of my SonicWall firewall (a Pro 4060, running their latest firmware).

I have the firewall, with those features licensed. I could set up Snort. I'm trying to decide the merits of either decision.

-ste

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Comparison question Shaun T. Erickson (Feb 28)
- Re: Comparison question Kevin Johnson (Feb 28)
- RE: Comparison question Eric Hines (Feb 28)
- Re: Comparison question David Glosser (Feb 28)