Sunday, April 10, 2016

Different types of NIDS

NIDS: Network Intrusion Detection Systems are threat-detection software installed on the servers that act as the gateway between your internal network and the wider Internet. Their rules and detection engines are a crucial line of defense for telling legitimate traffic from malicious traffic. Here are some of the NIDS on the market:

SNORT: This is the oldest NIDS and has nearly 40,000 users; it supports Windows and many types of Linux system. However, it does not make use of multi-core machines by default without special configuration.

SURICATA: A younger NIDS that works with the Snort ruleset and is funded through government. It is known for its efficiency and works well with the Emerging Threats ruleset. It is best suited to multi-core systems, where it gives its best performance.

SAGAN: An open-source system that runs on Unix-like operating systems (Linux, OpenBSD, FreeBSD). It is written in C, which gives it high-performance log and event analysis. Sagan's structure and rules work similarly to the Snort IDS/IPS, so Sagan can correlate logs from Snort IDS/IPS systems and write its findings to Snort IDS/IPS databases. Sagan is also compatible with all Snort consoles, and it offers automatic firewall support via Snortsam, GeoIP detection/alerting, and much more.
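What the three systems share is the Snort rule syntax, and Sagan applies that syntax to log records rather than packets. The following is an added example (not from this post or from any of the projects above): a minimal Python parser and matcher for a subset of that syntax (the header plus the msg, content, nocase and sid options), run over constructed events; the rules, the $HOME_NET prefix and the sample events are all made up for illustration.

```python
import re
# Constructed sample rules in Snort syntax, limited to the subset parsed below.
SAMPLE_RULES = [
    'alert tcp any any -> $HOME_NET 22 (msg:"SSH failed login"; content:"Failed password"; sid:1000001;)',
    'alert tcp any any -> $HOME_NET 80 (msg:"Web scanner UA"; content:"sqlmap"; nocase; sid:1000002;)',
]
HOME_NET_PREFIX = "10.0.0."  # assumption: $HOME_NET resolves to a single /24
HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)$")

def parse_rule(text):
    """Parse one rule line (header + options) into a dict; unsupported syntax raises."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("unsupported rule: " + text)
    action, proto, src, sport, dst, dport, body = m.groups()
    rule = {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "nocase": False}
    for opt in (o.strip() for o in body.split(";") if o.strip()):
        if opt == "nocase":          # flag option, carries no value
            rule["nocase"] = True
        else:                        # key:value option, e.g. msg:"..." or sid:1000001
            key, _, val = opt.partition(":")
            rule[key.strip()] = val.strip().strip('"')
    rule["sid"] = int(rule["sid"])
    return rule

def _addr_ok(pattern, addr):  # "any", a literal address, or the $HOME_NET variable
    return pattern in ("any", addr) or (pattern == "$HOME_NET" and addr.startswith(HOME_NET_PREFIX))

def evaluate(rules, events):
    """Return (sid, msg) for each event satisfying a rule's header and content test."""
    hits = []
    for ev in events:
        for r in rules:
            if r["proto"] != ev["proto"] or r["dport"] not in ("any", str(ev["dport"])):
                continue
            if not (_addr_ok(r["src"], ev["src"]) and _addr_ok(r["dst"], ev["dst"])):
                continue
            payload, needle = ev["payload"], r["content"]
            if r["nocase"]:
                payload, needle = payload.lower(), needle.lower()
            if needle in payload:
                hits.append((r["sid"], r["msg"]))
    return hits

# Constructed events: the fields a packet or log decoder would hand to the matcher.
SAMPLE_EVENTS = [
    {"proto": "tcp", "src": "203.0.113.5", "dst": "10.0.0.12", "dport": 22,
     "payload": "Failed password for root from 203.0.113.5 port 51000 ssh2"},
    {"proto": "tcp", "src": "203.0.113.9", "dst": "10.0.0.20", "dport": 80,
     "payload": "GET /index.php?id=1 HTTP/1.1 User-Agent: SQLMap/1.4"},
]
```

Calling `evaluate([parse_rule(r) for r in SAMPLE_RULES], SAMPLE_EVENTS)` fires each rule once; an event with the wrong protocol, or a destination outside $HOME_NET, produces no hit even when the content string is present.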

Read more: https://github.com/Snorby/snorby/wiki/Snort-vs-Suricata-vs-Sagan
