Home
Topics
Security Channel
Application security and data protection
Why is the Snort IDS still alive and thriving?

FAQ

Why is the Snort IDS still alive and thriving?

No one wants to simply "detect" intrusions. Everyone, quite rationally, wants to prevent intrusions. Leading up to 2003, IDS vendors claimed ever greater capabilities to detect intrusions, with supposedly lower false positive rates. Customers naturally asked the question, "If you can detect it, why can't you prevent it?" Companies selling so-called "intrusion prevention systems" answered "We can!" and dealt a body blow to the IDS market.

About the author

Richard Bejtlich is director of incident response at General Electric Company in Manassas, Va. and blogs at Bejtlich.net and TaoSecurity.com. Listen to the rest of Richard's answers on Snort by downloading our Snort podcast.

The undeniable fact of the matter, however, is that preventing a network-based intrusion requires detecting it. No one has built, or ever will build, a network-based (or host-based, or anything-else-based) system that performs 100% accurate detection, so that means 100% prevention is also impossible. What should you do with events that are not regarded with 100% confidence as being malicious? If you block them, you could deny legitimate business traffic. The sensible alternative is to alert on them and let a human analyst investigate the situation. Hence, we have returned to seeing IDS as a useful tool. IPS, incidentally, is quickly becoming another feature on the network firewall.

Return to the Snort FAQ guide and read the rest of Richard's expert responses.

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary
- proxy hacking
- data recovery agent (DRA)

This was first published in January 2008

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

More from Related TechTarget Sites

Microscope
Cloud Provider
Security
Networking
Storage
Cloud computing
Server Virtualization
Data Backup

MicroscopeUK
- SME confidence linked to positive IT use
  
  The latest Symantec global SME confidence survey has found those using IT for growth are best placed
- Annodata hires Azzurri, Intrinsic talent in sales push
  
  Former Azzurri and Intrinsic bosses to help shepherd comms business to £100m revenue target
- Norway's Green Mountain has green data locked down
  
  Nick Booth jets off to Norway to visit a datacentre with energy efficiency and security credentials to die for
Cloud Provider
- Providers find value in vendor-specific cloud certifications
  
  Vendor-specific cloud certifications let providers show their technological expertise in ways independent audits can't.
- News briefs: Red Hat OpenShift Online goes live; Lenovo pushes cloud
  
  This week, Red Hat's OpenShift Online rolls out for commercial use, Lenovo enters the cloud market and NTT deploys VMware network virtualization.
- Open source vs. proprietary cloud provider platforms
  
  The choice between an open source or proprietary cloud platform plagues cloud providers, as open source platforms mature and end-user needs evolve.
Security
- Users may remain vulnerable despite Oracle Java patch release
  
  Oracle has issued a new security patch for Java, but only 7% deployed the patch before it.
- Gary McGraw: NSA data collection programs demand discussion, scrutiny
  
  Opinion: Gary McGraw details the various and sundry NSA data collection programs and explains why all its efforts demand new discussion and scrutiny.
- Enterprise BYOD offers mixed bag for enterprise endpoint security
  
  A Gartner analyst says enterprise BYOD -- specifically iOS and Android devices -- presents many pros and cons for enterprise endpoint security.
Networking
- Marble Security's cloud-based mobile security service augments MDM
  
  Marble Security released its new cloud-based mobile security service that can work with MDM tools for protection of employee-owned mobile devices.
- New VMS feature enables big spines of Mellanox Ethernet ToR switches
  
  A new Layer 3-based Virtual Modular Switch feature on top-of-rack Ethernet switches from Mellanox enables large clusters for leaf-spine architecture.
- Can your existing tools juggle so many external services?
  
  You need to make sure you have the right tools to effectively monitor so many new externalized services. Expert Henry Svendblad shows you how.
searchStorage
- Imation upgrades Nexsan Assureon object-based storage archive
  
  Imation makes first product upgrade since acquiring Nexsan, delivering Assureon 7 for object-based storage archiving.
- Following Dell acquisitions, users find platform integration enticing
  
  Customers want to see the storage products Dell has gained through acquisitions better integrated with common management.
- Converged systems offer turnkey storage and server bundles
  
  Storage vendors are packaging their products with servers and networking gear to create ready-to-run converged systems. Could this be the end of best-of-breed deployments?
Cloud computing
- PaaS market heats up with Red Hat OpenShift, Savvis AppFog buy
  
  PaaS made headlines last week, but it's still difficult to gauge the true level of interest in Platform as a Service in the enterprise world.
- IBM, Salesforce deals usher in cloud consolidation era
  
  IBM's SoftLayer buy is getting mixed reviews from IT pros, but everyone agrees that it's an example of the consolidation phase of the cloud bubble.
- U.S. defense agencies' cloud transition yields better intelligence
  
  A cloud migration seems daunting but the effort is worthwhile; U.S. defense agencies say their cloud move led to better military intelligence.
Server Virtualization
- Moving VMs around? Avoid downtime with Hyper-V Live Storage Migration
  
  Live Storage Migration eliminates the downtime associated with moving VM files from one storage location to another and helps improve performance.
- RHEV proves to be a cost-effective alternative to vSphere
  
  Some IT departments have turned to low-cost, flexible virtualization platforms, such as Red Hat Enterprise Virtualization, to lower VMware costs.
- Guidelines for moving multiple VMs with Hyper-V Live Storage Migration
  
  Live Storage Migration makes it easy to move multiple storage files of running VMs without downtime, but there are practical limits you should know.
searchDataBackup
- Zetta improves DataProtect with WAN optimization
  
  Zetta adds WAN optimization to its DataProtect enterprise cloud backup and disaster recovery software.
- SMB data backup strategy must overcome data protection issues
  
  Jason Buffington discusses some of the major data protection issues an SMB must overcome in building their data backup strategy in this podcast.
- HP turns StoreOnce into virtual storage appliance
  
  Hewlett-Packard delivers virtual software appliance version of its StoreOnce deduplication technology and a scalable midrange tape library.

All Rights Reserved,Copyright 2006 - 2013, TechTarget