Snort mailing list archives

RE: Hummm...

From: "Shannon M. Anderson" <sanderson () ecalton com>
Date: Tue, 16 Mar 2004 09:01:40 -0500


Sorry, I didn't mean to sound like I was down playing Sourcefire..  And it sound as if you put some real effort in to 
your products. And as far as a IDS sensor goes I'm sure your on top of it. We do a bit of web development for 
www.sabrnet.com as part of a trade off for some cost differences in hardware we buy/ sell to our clients(colo's). So if 
I sound like I'm selling it is only because I know the people that develop for Sabrnet. Sabrnet is reaching for a 
slightly different client then Sourcefire. Clients with the need to consolidate their hardware or those who are looking 
for a gateway security device that will replace their Cisco router, firewall and VPN systems with a single cost 
effective box. They went a step further with the onboard IDS sensor (no acid or DB runs on a Sabrnet just the sensors 
it self) and Traffic control which we use here daily probably one of the best features. Of course they do URL filtering 
and automate all aspects of the system with each component supplied on the box. Not just a Linux box running mysql and 
acid.. (smiles). I would not compare the two devices equally since Sabrnet is a security router at its base and not a 
standalone IDS sensor. To compare it equally to Sourcefire would be unfair as they are to different markets and are 
built for different client requirements even though they do similar things.

   

-----Original Message-----
From: Martin Roesch [mailto:roesch () sourcefire com]
Sent: Monday, March 15, 2004 6:09 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Hummm...


Hi Chad & Shannon,

The gigabit sensor (NS 3000) is only available via Sourcefire or one of 
our partners currently, the Dell relationship is selling our 
NS500/NS1000 appliances only right now.  We're waiting to see how 
things go with the reseller relationship before we commit to rolling 
our full set of product offerings.

As far as Sourcefire pricing is concerned, our IDS pricing is in line 
with other enterprise-grade IDS vendors.  Sourcefire isn't just 
shipping "Snort on a box", we've got a considerable amount of custom 
software including reporting tools, a data (event) analysis interface, 
incident handling interface, policy builder, rules management, system 
administration interface, online docs and so on built into our devices 
in addition to our tech support, installation and training that we 
offer as a corporation.  This is very different then just enabling some 
linux features, installing Snort and then slapping MySQL/ACID on the 
box and calling it a day, our systems are robust and built to scale.

If you want to use a metaphor for what we're doing, we can go to the 
overused car thing.  You can buy a VW with a Porsche engine in it and 
it's just a VW.  We're building Porsche's over here (well, more like 
big trucks, but you get the picture).

The $8k machine is *engineered* to handle 45Mbps, it'll handle 
precisely that amount while giving you the ability to go from 
out-of-the-box to up-and-running in about 20 minutes and have 
everything right there and running that you need to do intrusion 
detection while being easy to use/administer and very scalable.  If it 
breaks you get a phone number that's manned 24x7 to call, if you want 
training on the product and how to do IDS we can provide that too.  We 
also have enterprise features like built-in load balancing, hot 
failover for our management console, a high performance built-in data 
management system, etc.

I guess what I'm saying is that when I started Sourcefire the original 
mission was to figure out how to get people to want to pay for 
something that's free.  The only way to get there is if you add enough 
value so that people feel compelled to pay for it, that's what we've 
really worked hard to do.  We've got a several hundred customers who 
believe that we are providing enough value to spend money because they 
recognize the value of what we've built.


      -Marty


On Mar 15, 2004, at 1:55 PM, Kreimendahl, Chad J wrote:


Where's the gig capable machine?   It's hard to believe the $8k machine
only handles 45Mbps.


On Mar 15, 2004, at 11:31 AM, Shannon M. Anderson wrote:

 
Wow, that source fire isn't cheap is it?   We run 3  similar device 
from Sabrnet (www.sabrnet.com), But it not only has Snort with a good 
GUI admin for it. It also provides a gateway router w/serial T1/E1 
device, multiple Ethernets (10/100/1000), online updates, Firewall and 
VPN, Traffic control (CBQ's) and NAT failover.
  
Our cost was 2950.00 a unit and came in a 1U package for easy rack 
mounting. 
 
So if your looking for a really secure border router/gateway that can 
do it all this is where I would start looking.



-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=ick
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: Hummm... Shannon M. Anderson (Mar 15)
- <Possible follow-ups>
- RE: Hummm... Kreimendahl, Chad J (Mar 15)
  - Re: Hummm... Martin Roesch (Mar 15)
- RE: Hummm... Shannon M. Anderson (Mar 16)
  - Re: Hummm... Martin Roesch (Mar 17)
- RE: Hummm... Kreimendahl, Chad J (Mar 16)
  - Re: Hummm... Martin Roesch (Mar 16)
- RE: Hummm... Kreimendahl, Chad J (Mar 17)
- RE: Hummm... Shaffer, Paul D (Mar 17)