Snort VRT Rules Question - Anyone Using them in SMB setting?
-
Hello,
I'm looking at setting up a UTM device with pfsense and came across snort for IDS/IPS. The FW is going to be used in a SMB setting that has to be PCI compliant. However, after some research, it seems that Snort is $499/$399 per device/year, depending on configuration - this seems a bit high when compared to our current SonicWALL/Watchguard setup.
So my question is, are people really using VRT ruleset for their SMB locations? I'm all for Open-Source and supporting the community but Snort is owned by Cisco and this seems a bit extreme.
-
Snort cost that much before the acquisition. If you don't pay you can still use it, you just get rules a few weeks later than anyone else. You could always use the free rules and emerging threats.
-
I have Snort VRT and ET Pro rulesets. If I had to choose between them, I would subscribe to the ET Pro ruleset and use the Snort open ruleset.
-
Thanks for the input.
Jason - I was actually eluding that you could justify, before Cisco, with "Support the Community" logic but with the acquisition, it becomes a dollars and cents decision.
BBCan - I'll look into those, appreciate the suggestion.
-
Thanks for the input.
Jason - I was actually eluding that you could justify, before Cisco, with "Support the Community" logic but with the acquisition, it becomes a dollars and cents decision.
BBCan - I'll look into those, appreciate the suggestion.
That doesn't make any sense. You were willing to spend $500 before but not now simply because Snort was bought by a larger company. Sourcefire was never a not-for-profit and they got paid something fierce when they were purchased (it was almost $3B if memory serves).
Anyway, this price is way cheaper than the IDS options on Cisco's ASAs.