
12.2 Commercial Solutions

There are a number of commercial Snort-based solutions on the market. They are, not surprisingly, very polished and full-featured. They are also not inexpensive. Three solutions rise to the top when considering the current products on the market.

12.2.1 Applied Watch Console

Developer: Applied Watch Technologies

Link: http://www.appliedwatch.com

Supported platforms: Pre-installed appliance available: OpenBSD, NetBSD, FreeBSD, Linux, Microsoft Windows, Mac OS 386/Sparc Sun Solaris, and other operating systems that run Java Runtime Environment


This is a full-featured Java-based console that can manage Snort sensors. A commercial version of Snort is available in the form of a hardware appliance, as well. The console or the sensor can also be purchased as an appliance.

12.2.2 PureSecure Console

Developer: Demarc

Link: http://www.demarc.com/products/puresecure/

Supported platforms: Available for Windows, Linux, *BSD, and Solaris


PureSecure Console was an open source Snort management system that matured into a nice IDS management tool. It runs a stable and polished SSL-encrypted web interface and is a good interface for managing multiple Snort sensors. Figure 12-7 shows the PureSecure console.

Figure 12-7. The PureSecure personal edition management console


There's a commercial version and a personal version. The personal version is downloadable for no cost, but can only be used by home users. When installing the personal edition, start with a pristine, minimal operating system installation. The installation program downloads what it needs to run. Upgrade the individual components as needed. I consider myself advanced at system administration, and retrofitting PureSecure to an existing installation was challenging. The console manages alerts and rules well, but is disappointing when managing the sensor's configuration. The personal version is at http://www.demarc.com/downloads/PureSecure/personal.

12.2.3 Sourcefire Management Console

Developer: Sourcefire, Inc.

Link: http://www.sourcefire.com

Supported platforms: Dedicated hardware appliance


Sourcefire is the company started by the initial developer of Snort, Martin Roesch. Sourcefire offers three main products: a sensor (based upon Snort—actually a more advanced version of Snort), a management console, and a product called RNA (Real-time Network Analysis), which is an event-correlation and anomaly-detection mechanism for intrusion detection.

There is no solution more full-featured or capable for network intrusion detection. Sourcefire is one of the primary contributors to open source Snort and, in fact, is the source of most of the newer, advanced features. If you are looking for a commercial NIDS solution and you don't have the time or ability to deploy an open source solution, consider the Sourcefire line of products.
