Snort mailing list archives

Re: Hummm...


From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 16 Mar 2004 11:36:42 -0500

Hi Chad,

We have load balancing built into our sensors, we've developed a software-based method of grouping sensors together and having them do flow-based load balancing (i.e. flows maintain integrity across individual sensors).

I'm not going to go into which database we're using exactly (it's proprietary) except to say that we don't use the free databases for anything other than configuration storage and data caching on our low-end sensors. The DB we use for our high performance data management system is an embedded in-memory indexing system, very very different from most of the DBs you commonly see Snort users deploying. :) We use unified formatted output coming out of Snort and move the data into the backend using our own data engine, it's still the same Snort but pretty much everything else is custom on our systems.

     -Marty

On Mar 16, 2004, at 11:02 AM, Kreimendahl, Chad J wrote:

When you say built-in load balancing, are you speaking of a feature similar to what TopLayer does, or are you just speaking to the console? Also, any chance you're allowed to tell us what DB you use? I had figured postgres, but knowing your opinion on output plugins, also suspect you're doing something barnyard-like.

-----Original Message-----
From: Martin Roesch [mailto:roesch () sourcefire com]
Sent: Monday, March 15, 2004 5:09 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Hummm...

Hi Chad & Shannon,

The gigabit sensor (NS 3000) is only available via Sourcefire or one of
our partners currently, the Dell relationship is selling our
NS500/NS1000 appliances only right now.  We're waiting to see how
things go with the reseller relationship before we commit to rolling
our full set of product offerings.

As far as Sourcefire pricing is concerned, our IDS pricing is in line
with other enterprise-grade IDS vendors.  Sourcefire isn't just
shipping "Snort on a box", we've got a considerable amount of custom
software including reporting tools, a data (event) analysis interface,
incident handling interface, policy builder, rules management, system
administration interface, online docs and so on built into our devices
in addition to our tech support, installation and training that we
offer as a corporation.  This is very different than just enabling some
linux features, installing Snort and then slapping MySQL/ACID on the
box and calling it a day, our systems are robust and built to scale.

If you want to use a metaphor for what we're doing, we can go to the
overused car thing.  You can buy a VW with a Porsche engine in it and
it's just a VW.  We're building Porsches over here (well, more like
big trucks, but you get the picture).

The $8k machine is *engineered* to handle 45Mbps, it'll handle
precisely that amount while giving you the ability to go from
out-of-the-box to up-and-running in about 20 minutes and have
everything right there and running that you need to do intrusion
detection while being easy to use/administer and very scalable.  If it
breaks you get a phone number that's manned 24x7 to call, if you want
training on the product and how to do IDS we can provide that too.  We
also have enterprise features like built-in load balancing, hot
failover for our management console, a high performance built-in data
management system, etc.

I guess what I'm saying is that when I started Sourcefire the original
mission was to figure out how to get people to want to pay for
something that's free.  The only way to get there is if you add enough
value so that people feel compelled to pay for it, that's what we've
really worked hard to do.  We've got several hundred customers who
believe that we are providing enough value to spend money because they
recognize the value of what we've built.


      -Marty


On Mar 15, 2004, at 1:55 PM, Kreimendahl, Chad J wrote:


Where's the gig capable machine? It's hard to believe the $8k machine
only handles 45Mbps.


On Mar 15, 2004, at 11:31 AM, Shannon M. Anderson wrote:

 
Wow, that Sourcefire isn't cheap, is it?   We run 3 similar devices
from Sabrnet (www.sabrnet.com), but it not only has Snort with a good
GUI admin for it, it also provides a gateway router w/serial T1/E1
device, multiple Ethernets (10/100/1000), online updates, Firewall and
VPN, Traffic control (CBQs) and NAT failover.
  
Our cost was 2950.00 a unit and came in a 1U package for easy rack
mounting. 
 
So if you're looking for a really secure border router/gateway that can
do it all this is where I would start looking.


--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration. http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

