Snort / PfBlocker-NG vs Subscription to Talos
-
Hello all. I'm testing a Meraki Z4 router at work. It uses Snort v3 (Talos). I am running a few PfSense appliances (8-10) with PfBlocker-NG and Snort (both freeware versions).
The Meraki (Snort / Talos subscription) seems to block much more.
So my question is... If I purchase the subscription version of Snort, will I have the same protection as the Meraki I'm testing? This is a sincere question, not meant to start any controversy. I'm really not impressed with the Z4 outside of the cloud-based management to see all units. I think PfSense, dollar for dollar, is at least equal to it at a fraction of the cost (although no cloud-based central management as Meraki has).
So, if I purchase the Snort subscription, and use PfBlocker-NG, will I have the same protection as the Meraki Z4? Thanks for any input. I really want to move forward in installing PfSense in more offices, but I need to sell the cost savings and comparable security.
-
https://www.snort.org/products#rule_subscriptions
If applying for the business license, then you will get, according to the Snort website, the same ruleset as NGIPS customers. So to answer your question, yes, you will have the same level of protection.
Now here is the caveat. You need to enable the rules you care about. When purchasing a threat prevention license from Palo Alto or using Threat Prevention on Meraki, the rules that are on by default have been vetted by a security team and will more or less guarantee you low false positives. With Snort on pfSense, you are the security team. You need to vet your own rules. Could be a blessing or a curse depending on the size of the network, the amount of alerts coming in, and whether you are using a SIEM to assist in investigating those alerts.
Meraki is a turn-key solution, so lots of those worries are non-existent.
-
Thank you for the reply. So now I need to experiment with the rule-sets to see why my PfSense box does not block the same sites as the Z4...
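
The rule vetting described in the reply above, sketched as an added example (not code from this thread, Snort, or pfSense): it inventories a rules file, treating rule lines commented out with `#` as disabled and reading the `metadata:policy ...` tags, then reports which SIDs a chosen policy expects but the file leaves off, and which enabled rules carry no policy tag at all. The sample rules, SIDs, and function names are constructed for illustration, and it assumes one rule per line.

```python
import re
from collections import Counter

# Constructed sample rules in Snort rule syntax (not taken from any real ruleset).
SAMPLE_RULES = '''\
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SAMPLE web rule A"; metadata:policy balanced-ips drop, policy security-ips drop; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SAMPLE web rule B"; metadata:policy security-ips drop; sid:1000002; rev:2;)
# alert udp $HOME_NET any -> any 53 (msg:"SAMPLE dns rule C"; sid:1000003; rev:1;)
# This is an ordinary comment, not a rule
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"SAMPLE outbound rule D"; sid:1000004; rev:3;)
'''

# A rule line is an optional '#' (disabled), an action, a header, then (options).
RULE_RE = re.compile(
    r'^(?P<off>#\s*)?(?P<action>alert|drop|block|reject|pass|log)\s[^(]*'
    r'\((?P<opts>.*)\)\s*$')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
POLICY_RE = re.compile(r'policy\s+([\w-]+)\s+(alert|drop)')

def parse_rules(text):
    """Return one dict per rule line, including rules disabled by a leading '#'."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line or plain comment
        sid = SID_RE.search(m['opts'])
        if not sid:
            continue  # not a usable rule without a SID
        rules.append({
            'sid': int(sid.group(1)),
            'enabled': m['off'] is None,
            'policies': dict(POLICY_RE.findall(m['opts'])),  # e.g. {'security-ips': 'drop'}
        })
    return rules

def summarize(rules, policy):
    """Count rules by state; list SIDs the policy tags but the file disables,
    and enabled SIDs with no policy tag (rules someone chose to turn on)."""
    counts = Counter('enabled' if r['enabled'] else 'disabled' for r in rules)
    missing = sorted(r['sid'] for r in rules
                     if policy in r['policies'] and not r['enabled'])
    self_enabled = sorted(r['sid'] for r in rules
                          if r['enabled'] and not r['policies'])
    return counts, missing, self_enabled

if __name__ == '__main__':
    counts, missing, self_enabled = summarize(parse_rules(SAMPLE_RULES), 'security-ips')
    print(dict(counts), 'tagged but disabled:', missing, 'enabled without tag:', self_enabled)
```

Running the same inventory over the rule files on two appliances and comparing the enabled SID sets gives a concrete starting point for explaining a difference in what each one blocks.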