Sourcefire developed Snort, an open source intrusion prevention system capable of real-time traffic analysis and packet logging. Snort was acquired by Cisco in 2013 and is now supported by Cisco.
N/A
Trend Micro TippingPoint
Score 8.0 out of 10
N/A
Trend Micro TippingPoint is an intrusion detection and prevention system.
If a colleague was looking to tighten down their network I can easily recommend Snort to them. It gives you some more peace of mind knowing that it's always scanning traffic for malicious-looking code. Even things your major firewalls and security hardware might miss, Snort has picked up. It's an easy recommendation for me.
The inspection of data packets before they enter the firewall is really beneficial to our security team. It segments the data from the LAN and really adds a great layer of security on top of our firewall. The technical support is very responsive and knowledgeable in use case of the product.
The threat intelligence from Cisco TALOS is unparalleled. This is grafted into the Sourcefire application which greatly improves security visibility. With this there are a lot of groups that you can use for whitelisting or blacklisting, knowing it's being updated in the background without additional work from you.
Flexible. Instead of putting a traditional firewall inline you can put a Sourcefire appliance (or firewall with Sourcefire on-board) to not only block/allow traffic, but give you insights into it, and do some forms of threat scoring.
In depth information. Sometimes a bit overwhelming, but you are able to do more than just see alerts, you can view the full information and packets that led to the conclusion, though the conclusion is prepared in advance for you.
TippingPoint had a very nice GUI interface that sat on top of Snort rules. It was easy to access, had nice customization of dashboards and output to syslog for SIEM solutions.
It was easy to configure rule sets, allow groups or singular allow/blocks or white-listing.
Security rule sets could be tweaked up or down and allow/drop signatures could be configured to help increase performance.
Biggest qualms I had with TippingPoint was that it was just a tad on the expensive side for what you get. Nowadays everything has gone UTM in firewalls and they do it all including IPS as part of the basic functionality so really, TP is losing a massive market share.
Don't see a future in the roadmap with so many other vendors getting onto the "unified" wagon and adding IPS as part of their service and at a cheaper price.
Snort was chosen mainly for the ease and cost. With Snort we were able to set up in a matter of minutes without any professional services needed. If you are used to packet tracing the old-fashioned way, this is the product for you.