Results 1 to 4 of 4

Thread: Snort and Sourcefire

  1. #1
    Join Date
    Oct 2003

    Snort and Sourcefire


    I appologise if this question has already been asked.

    I have several questions hope people can answer it.

    1. There is Snort and Sourcefire , Sourcefire utilises Snort as the basis for its applications. What i want to know is what changes/enhancements does the IDS offered at sourcefire have over the free Snort offered at Snort.com

    2.Has anyone used Prelude IDS ? if so what comments do you have on it . also how does it compare to Snort.


  2. #2
    Senior Member
    Join Date
    Oct 2001
    These questions would be best answered by viewing the products webiste. They will usually have a reason or FAQ on what differs from their product and another.


    From what I gather it looks like sourcefire is an actual system your place on your network. Where snort is simply a program. Heres a bit from the site.

    Today: The Best of Both Worlds
    Today, Sourcefire combines the very best of open source with the best of the commercial world.
    Leveraging the power and reach of the open source Snort rules-based detection engine, Sourcefire adds a critical layer of asset and behavioral profiling. Sourcefire’s RNA (Real-time Network Awareness) maintains a persistent profile of a network and its assets. Using passive discovery methods, RNA adds a new level of visibility and intelligence.

    Sourcefire products are easy to use, out of the box, tuned and fully loaded, plug-n-protect appliances, with pre-optimized hardware and OS. Building on the proven, time-tested Snort intrusion detection engine, Sourcefire brings a new generation of the first ever unified intrusion and vulnerability management technologies to enterprises from manufacturing to the military.

    These include Sourcefire Intrusion Agents™ for Snort, commercial appliance versions based on Snort code, designed to make it easy for open source Snort users to fully capitalize on their investment in all open source Snort deployments.

    In addition, the Sourcefire Vulnerability Research Team (VRT), joined by the eyes and ears of the vast open source Snort community put the largest brain trust in network security at work for every Sourcefire customer.

    As part of an ongoing dedication and active involvement in the community, Sourcefire continues to enhance Snort. For example, the Sourcefire Security Education Program is a comprehensive certified training program. Delivered direct from the creators of Snort, users will learn the latest real world tools and techniques for optimizing Snort technology and all Sourcefire products.

    Sourcefire will continue to enhance open source as well as commercial versions. The result is a win-win for bringing truly effective network security for the real world.
    Whats a \"START\" button?

  3. #3
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    I have spoken with them at great length over the past year. They sell "ready made" boxes that you don't need to configure and the boxes are updated by their team, such as snort signatures. Just like your antivirus software. They inlclude decent monitoring tools or you can pay them do it. It's a snort IDS you don't have to build. They take care of the OS, database, reporting system and configuration.

    //EDIT Oops, Just like spazz mentioned. They aslo have classes on how to use the appliance.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  4. #4
    Senior Member
    Join Date
    Jan 2005
    mooret, this may confuse you slightly more, but there are alot more programs that will read your snort logs and parse them just as Sourcefire does.

    so try checkin snorts website (as spazzmatrix mentioned) they probably have a forum or newsgroup or even check out #snort on freenode i think.
    If You\'ve Done Something Right. People Wont Know You\'ve Done Anything At All - God (futurama)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts