Snort
Pricing
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting / Integration Services
Product Details
What is Snort?
Sourcefire developed Snort, an open source intrusion prevention system capable of real-time traffic analysis and packet logging. Snort was acquired by Cisco in 2013 and is now supported by Cisco.
Snort Technical Details
Operating Systems | Unspecified |
---|---|
Mobile Application | No |
Reviews and Ratings (27)
Reviews (1-5 of 5)
September 21, 2021
Use your Snort to sniff traffic
Currently Snort's main use is IPS (Intrusion Detection System) which gives us the ability to give the company real-time traffic analysis along with data packet logging. This is mainly used in the main corporate environment to analyze traffic for any potential malicious activity.
- IPS detection.
- DoS detection.
- Packet logging.
- Configuration in Linux.
January 16, 2021
Peace of mind and another layer of security
Currently we are using Snort in the IT department as another layer of security and protection against intrusions and cyber attacks. Many companies as of late are getting hit by hackers and ransomware. Snort solves many security problems with its open source security system that can scan lots of traffic flowing through the network.
- Catches things Admins may miss with regular network scanning
- Keeps your network visibility high
- Is open source so code can be reviewed easily
- Due to its open source nature, it can be behind in updates
- It does have quite the complex setup process and configuration
- You don't get a whole lot of backend support included
April 25, 2018
To Sourcefire or not to Sourcefire?
At my current position, we have Sourcefire deployed inline in a "layer 2" fashion to allow not only for constant threat monitoring but to also actively block threats and attacks as they occur. We utilize Sourcefire in "Stacks" allowing us to have full redundancy and Five9's up-time and protection. Prior to Sourcefire, we used TippingPoint; however, their 10Gbps performance was not as efficient as Sourcefire modules allowing true 10Gbps network performance and scanning.
- Real Time updates for security signatures via Talos
- Great signature blocking
- Excellent reporting via syslog to our Security Analytics collectors.
- At times can be unstable with Cisco bugs, require frequent upgrading.
- FTD images that are being pushed for ASAs are less efficient from an administration standpoint, no CLI.
August 24, 2017
Snort and Guardian, safe and secure
I added SNORT and the guardian IPS to my firewall to help meet PCI DSS compliance. The setup was easy on my firewall - IPFire - and I have had no problems related to its use. Before my cc terminal was changed, I had to disable guardian as it wouldn't let the old cc terminal through - I believe it was an SSL related issue. My old credit card processing company didn't seem interested in updating my terminal in a timely fashion. With the new cc terminal, I have had no issues. I sometimes leave my Win XP virtual machine connected to the internet and have not seen any evidence of an intrusion. I know there are some false positives with the ruleset I use - Emerging Threats - but it has not blocked any traffic that has impaired any function on my network.
- I am no IS expert, but I feel SNORT and guardian really helps keep my network safe.
- So far it has been easy to administer.
- SNORT and guardian are easy to install add-ons for my firewall.
- There are plenty of false positives in the logs, but no problems noticed related to them.
August 10, 2017
Put some fire in your network security
We use Sourcefire as an intrusion detection/prevention platform, but also as a form of a web filter, blocking certain types of sites. Its use is centered only in IT, as there's no need for any other part of the organization to use it. The goal of having it is to address the concern of watching web traffic and having a mechanism to aggressively block known bad sites, attacks, requests, etc.
- The threat intelligence from Cisco TALOS is unparalleled. This is grafted into the Sourcefire application which greatly improves security visibility. With this there are a lot of groups that you can use for whitelisting or blacklisting, knowing it's being updated in the background without additional work from you.
- Flexible. Instead of putting a traditional firewall inline you can put a Sourcefire appliance (or firewall with Sourcefire on-board) to not only block/allow traffic, but give you insights into it, and do some forms of threat scoring.
- In-depth information. Sometimes a bit overwhelming, but you are able to do more than just see alerts, you can view the full information and packets that led to the conclusion, though the conclusion is prepared in advance for you.
- Due to the extensive interface, it can be quite overwhelming to try and manage the product. There are many different places to go to set up individual items. It would be nice to simplify the interface down a bit.
- Upgrades can be somewhat hazardous. I think they are working to get the upgrade process streamlined, but currently, moving major versions (5.x to 6.x), there was a lot of additional work outside of the UI that, if not done correctly, can tank the system, requiring a fresh load or restore from backup.