12.2 Commercial Solutions
There are a number of commercial Snort-based solutions on the market. They are, not surprisingly, very polished and full-featured. They are also not inexpensive. Three solutions rise to the top when considering the current products on the market.
12.2.1 Applied Watch Console
This is a full-featured Java-based console that can manage Snort sensors. A commercial version of Snort is available in the form of a hardware appliance, as well. The console or the sensor can also be purchased as an appliance.
12.2.2 PureSecure Console
PureSecure Console was an open source Snort management system that matured into a nice IDS management tool. It runs a stable and polished SSL-encrypted web interface and is a good interface for managing multiple Snort sensors. Figure 12-7 shows the PureSecure console.
Figure 12-7. The PureSecure personal edition management console
There's a commercial version and a personal version. The personal version is downloadable for no cost, but can only be used by home users. When installing the personal edition, start with a pristine, minimal operating system installation. The installation program downloads what it needs to run. Upgrade the individual components as needed. I consider myself advanced at system administration, and retrofitting PureSecure to an existing installation was challenging. The console manages alerts and rules well, but is disappointing when managing the sensor's configuration. The personal version is at http://www.demarc.com/downloads/PureSecure/personal.
12.2.3 Sourcefire Management Console
Sourcefire is the company started by the initial developer of Snort, Martin Roesch. Sourcefire offers three main products: a sensor (based upon Snort—actually a more advanced version of Snort), a management console, and a product called RNA (Real-time Network Analysis), which is an event-correlation and anomaly-detection mechanism for intrusion detection.
There is no solution more full-featured or capable for network intrusion detection. Sourcefire is one of the primary contributors to open source Snort and, in fact, is the source of most of the newer, advanced features. If you are looking for a commercial NIDS solution and you don't have the time or ability to deploy an open source solution, consider the Sourcefire line of products.