Snort mailing list archives
Re: Arguments for Snort
From: Shane Williams <shanew () shanew net>
Date: Tue, 11 Feb 2003 08:48:31 -0600 (CST)
Well, it looks like you've got a pretty good grasp on the arguments already, and for a company that's having to cut costs, the free angle is the most important. Of course, there will be the idiots who argue that you get what you pay for, so snort can't be very good. Point out that snort is essentially the freely available engine behind sourcefire, which is a commercial company. Point them to www.sourcefire.org to show them what snort is giving them the guts of for free. In other words, sourcefire can make money off of snort (in a spiffier form), but they give back to the community that helped them build it into what it is. Don't even mention licensing stuff, since you're trying to give it legitimacy to people who probably think open source is anti-capitalist.

You might also point out that ISS themselves take snort quite seriously, since, according to the article at http://www.theage.com.au/articles/2002/09/22/1032055006051.html they have been trying to build in snort compatibility with a feature called "trons".

As twig les pointed out, the fact that you can see, change, remove and add rules is a great advantage. The fact that there's a community of developers who come out with new rules within days of new threats is a bonus.

And if they need to have a nice GUI interface, there are several to choose from. I prefer parsing my logs directly, but I've used Snortsnarf and it's pretty slick looking. I know there are others that are probably even better.

Finally, if the company's really going to lose ISS licenses, then what does the company have to lose by trying snort out? It's a no risk experiment. If it doesn't work, they don't have to use it.

On Mon, 10 Feb 2003, tfandango wrote:
Hi All-

I work for a large company in their IDS department. There are a lot of cutbacks going on and the consensus is that we will probably drop some of our ISS licenses this year. Some of our senior members are running around complaining that we will lose IDS coverage yada yada yada. I see this as a wonderful opportunity to deploy snort boxes instead as I haven't been too fond of ISS's tools and frankly I find some of their licenses insulting. My problem is that this company is very resistant to change and especially change with open source applications (Some of our members specialize in FUD).

Just wanted to know how Snort compares to ISS from a technical standpoint. Is there really any advantage to using ISS over Snort besides the fancy and very slow GUI interfaces? I plan to present this to my manager.

Thanks...
T.

-------------------------------------------------------
This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                |      System Admin - UT iSchool
=----------------------------------+-------------------------------
All syllogisms contain three lines |           shanew () shanew net
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew