Home
Topics
Security Channel
Application security and data protection
Is Snort right for the IDS needs of all clients?

FAQ

Is Snort right for the IDS needs of all clients?

Snort has been far more than a network "grep" tool for many years.

About the author

Richard Bejtlich is director of incident response at General Electric Company in Manassas, Va. and blogs at Bejtlich.net and TaoSecurity.com. Listen to the rest of Richard's answers on Snort by downloading our Snort podcast.

"Grep" refers to the Unix utility used to identify strings in content. Snort can indeed identify various content strings via direct traffic inspection. However, Snort has far more powerful protocol analysis and traffic reconstruction capabilities that don't get as much press as its signature matching engine. Snort won't necessarily meet the needs of all clients, but anyone who wants to collect indicators of suspicious or malicious activity will find Snort exceptionally helpful.

Return to the Snort FAQ guide and read the rest of Richard's expert responses.

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary
- proxy hacking
- data recovery agent (DRA)

This was first published in January 2008

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

More from Related TechTarget Sites

Microscope
Cloud Provider
Security
Networking
Storage
Cloud computing
Server Virtualization
Data Backup

MicroscopeUK
- HotLink helps VARs address hypervisor management
  
  Latest Silicon Valley start-up touts award-winning multi-hypervisor and hybrid cloud management product as it sets up shop in Europe
- Adobe mulls over licensing changes
  
  Adobe's CEO has indicated that it is listening to customers concerns about license payment options and might make changes
- HP looks to former Acer, Lenovo boss to run PPS
  
  Dion Weisler to run Printing and Personal Systems (PPS) after Todd Bradley gets posted to China
Cloud Provider
- Providers find value in vendor-specific cloud certifications
  
  Vendor-specific cloud certifications let providers show their technological expertise in ways independent audits can't.
- News briefs: Red Hat OpenShift Online goes live; Lenovo pushes cloud
  
  This week, Red Hat's OpenShift Online rolls out for commercial use, Lenovo enters the cloud market and NTT deploys VMware network virtualization.
- Open source vs. proprietary cloud provider platforms
  
  The choice between an open source or proprietary cloud platform plagues cloud providers, as open source platforms mature and end-user needs evolve.
Security
- Users may remain vulnerable despite Oracle Java patch release
  
  Oracle has issued a new security patch for Java, but only 7% deployed the patch before it.
- Gary McGraw: NSA data collection programs demand discussion, scrutiny
  
  Opinion: Gary McGraw details the various and sundry NSA data collection programs and explains why all its efforts demand new discussion and scrutiny.
- Enterprise BYOD offers mixed bag for enterprise endpoint security
  
  A Gartner analyst says enterprise BYOD -- specifically iOS and Android devices -- presents many pros and cons for enterprise endpoint security.
Networking
- Marble Security's cloud-based mobile security service augments MDM
  
  Marble Security released its new cloud-based mobile security service that can work with MDM tools for protection of employee-owned mobile devices.
- New VMS feature enables big spines of Mellanox Ethernet ToR switches
  
  A new Layer 3-based Virtual Modular Switch feature on top-of-rack Ethernet switches from Mellanox enables large clusters for leaf-spine architecture.
- Can your existing tools juggle so many external services?
  
  You need to make sure you have the right tools to effectively monitor so many new externalized services. Expert Henry Svendblad shows you how.
searchStorage
- Imation upgrades Nexsan Assureon object-based storage archive
  
  Imation makes first product upgrade since acquiring Nexsan, delivering Assureon 7 for object-based storage archiving.
- Following Dell acquisitions, users find platform integration enticing
  
  Customers want to see the storage products Dell has gained through acquisitions better integrated with common management.
- Converged systems offer turnkey storage and server bundles
  
  Storage vendors are packaging their products with servers and networking gear to create ready-to-run converged systems. Could this be the end of best-of-breed deployments?
Cloud computing
- PaaS market heats up with Red Hat OpenShift, Savvis AppFog buy
  
  PaaS made headlines last week, but it's still difficult to gauge the true level of interest in Platform as a Service in the enterprise world.
- IBM, Salesforce deals usher in cloud consolidation era
  
  IBM's SoftLayer buy is getting mixed reviews from IT pros, but everyone agrees that it's an example of the consolidation phase of the cloud bubble.
- U.S. defense agencies' cloud transition yields better intelligence
  
  A cloud migration seems daunting but the effort is worthwhile; U.S. defense agencies say their cloud move led to better military intelligence.
Server Virtualization
- Moving VMs around? Avoid downtime with Hyper-V Live Storage Migration
  
  Live Storage Migration eliminates the downtime associated with moving VM files from one storage location to another and helps improve performance.
- RHEV proves to be a cost-effective alternative to vSphere
  
  Some IT departments have turned to low-cost, flexible virtualization platforms, such as Red Hat Enterprise Virtualization, to lower VMware costs.
- Guidelines for moving multiple VMs with Hyper-V Live Storage Migration
  
  Live Storage Migration makes it easy to move multiple storage files of running VMs without downtime, but there are practical limits you should know.
searchDataBackup
- Zetta improves DataProtect with WAN optimization
  
  Zetta adds WAN optimization to its DataProtect enterprise cloud backup and disaster recovery software.
- SMB data backup strategy must overcome data protection issues
  
  Jason Buffington discusses some of the major data protection issues an SMB must overcome in building their data backup strategy in this podcast.
- HP turns StoreOnce into virtual storage appliance
  
  Hewlett-Packard delivers virtual software appliance version of its StoreOnce deduplication technology and a scalable midrange tape library.

All Rights Reserved,Copyright 2006 - 2013, TechTarget