Snort is a network-centric product. As an intrusion detection system, it can inspect traffic inline or offline, and act passively or actively.
About the author
Richard Bejtlich is director of incident response at General Electric Company in Manassas, Va. and blogs at Bejtlich.net and TaoSecurity.com.
Snort mostly relies on a "known bad" or "suspected bad" approach, observing traffic for patterns that correspond to malicious or suspicious activity. When Snort detects such activity, it can alert (passive mode) or block (active mode). The first is an IDS; the second an IPS.
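The alert/block distinction above, shown as one signature written twice with different rule actions. This is an added example, not rules from the author or the Snort project; the matched string, messages and SIDs are constructed placeholders, and the rules assume the usual `$EXTERNAL_NET` and `$HOME_NET` variables are defined in the Snort configuration.

```snort
# Constructed example rules. SIDs of 1000000 and above are the range used for local rules.
# "EXAMPLE-KNOWN-BAD-MARKER" is a placeholder pattern, not a real indicator.

# Passive (IDS): the rule action is "alert". A matching packet generates an
# alert and is forwarded untouched.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"LOCAL known-bad marker seen (alert only)"; flow:to_server,established; content:"EXAMPLE-KNOWN-BAD-MARKER"; nocase; classtype:bad-unknown; sid:1000001; rev:1;)

# Active (IPS): same pattern, but the rule action is "drop". A matching packet
# is logged and discarded. This only blocks traffic when Snort is deployed
# inline, so that packets must pass through it to reach the destination.
drop tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"LOCAL known-bad marker seen (blocked)"; flow:to_server,established; content:"EXAMPLE-KNOWN-BAD-MARKER"; nocase; classtype:bad-unknown; sid:1000002; rev:1;)
```

Running a new signature with the `alert` action first and promoting it to `drop` only after reviewing its false-positive rate keeps a bad pattern from blocking legitimate traffic.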