Full Disclosure mailing list archives
300 Comparative Tests Driven Against Suricata and Snort
From: Sebastien Damaye <sebastien.damaye () gmail com>
Date: Thu, 14 Apr 2011 05:36:42 +0200
For years, Snort (developed and maintained by SourceFire) has been the de facto standard for open source Intrusion Detection/Prevention Systems (IDS/IPS). Its engine combines the benefits of signature-, protocol- and anomaly-based inspection and has become the most widely deployed IDS/IPS in the world.

Suricata, a new and less widespread product developed by the Open Information Security Foundation (OISF), has recently appeared and seems really promising. It is also based on signatures but integrates revolutionary techniques. This engine embeds an HTTP normalizer and parser (the HTP library) that provides very advanced processing of HTTP streams, enabling the understanding of traffic at layer 7 of the OSI model.

More than 300 tests have been conducted against the two platforms receiving the same payloads. Based on these tests, conclusions will be discussed to present the advantages and limitations of these two products.

Read more here: http://www.aldeid.com/index.php/Suricata-vs-snort

--
Cordialement/Regards,
Sébastien Damaye
http://www.aldeid.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
