Is Snort right for the IDS needs of all clients?

While the Snort IDS may not suit all customers, its unheralded protocol analysis and traffic reconstruction capabilities make it more broadly useful than some might think.

Snort has been far more than a network "grep" tool for many years.

About the author
Richard Bejtlich is director of incident response at General Electric Company in Manassas, Va. and blogs at Bejtlich.net and TaoSecurity.com. Listen to the rest of Richard's answers on Snort by downloading our Snort podcast.

"Grep" refers to the Unix utility used to identify strings in content. Snort can indeed identify various content strings via direct traffic inspection. However, Snort has far more powerful protocol analysis and traffic reconstruction capabilities that don't get as much press as its signature matching engine. Snort won't necessarily meet the needs of all clients, but anyone who wants to collect indicators of suspicious or malicious activity will find Snort exceptionally helpful.

This was last published in January 2008

Dig Deeper on Application security and data protection

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close