Home > Is Snort right for the IDS needs of all clients?
FAQ::
EMAIL THIS LICENSING & REPRINTS

Is Snort right for the IDS needs of all clients?

14 Jan 2008 | SearchSecurityChannel.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Snort has been far more than a network "grep" tool for many years.
About the author
Richard Bejtlich is director of incident response at General Electric Company in Manassas, Va. and blogs at Bejtlich.net and TaoSecurity.com. Listen to the rest of Richard's answers on Snort by downloading our Snort podcast.
"Grep" refers to the Unix utility used to identify strings in content. Snort can indeed identify various content strings via direct traffic inspection. However, Snort has far more powerful protocol analysis and traffic reconstruction capabilities that don't get as much press as its signature matching engine. Snort won't necessarily meet the needs of all clients, but anyone who wants to collect indicators of suspicious or malicious activity will find Snort exceptionally helpful.

Return to the Snort FAQ guide and read the rest of Richard's expert responses.

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
What is Snort?
Why is the Snort IDS still alive and thriving?
How does Snort's flavor of intrusion detection work?
What is the difference between Snort and Bro?

Open Source Security Software
Network session data analysis with Snort and Argus
How to use shared object rules in Snort
Why is the Snort IDS still alive and thriving?
What is the difference between Snort and Bro?
Will deploying Snort detect malicious events quickly?
How can the operator test Snort?
How can I learn more about Snort?
What does the future hold for Snort?
What extra functionality do Snort add-ons provide?
Does Snort support target-based intrusion detection?

Security Vulnerability Assessment
Top security tips for solutions providers
Why is the Snort IDS still alive and thriving?
How does Snort's flavor of intrusion detection work?
What is the difference between Snort and Bro?
Does Snort support target-based intrusion detection?
How can the operator test Snort?
Will deploying Snort detect malicious events quickly?
What extra functionality do Snort add-ons provide?
How can I learn more about Snort?
What does the future hold for Snort?

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersBlogsEvents
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2006 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts