Is Snort right for the IDS needs of all clients?

Snort has been far more than a network "grep" tool for many years.

About the author
Richard Bejtlich is director of incident response at General Electric Company in Manassas, Va. and blogs at Bejtlich.net and TaoSecurity.com. Listen to the rest of Richard's answers on Snort by downloading our Snort podcast.

"Grep" refers to the Unix utility used to identify strings in content. Snort can indeed identify various content strings via direct traffic inspection. However, Snort has far more powerful protocol analysis and traffic reconstruction capabilities that don't get as much press as its signature matching engine. Snort won't necessarily meet the needs of all clients, but anyone who wants to collect indicators of suspicious or malicious activity will find Snort exceptionally helpful.

This was first published in January 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: