Snort Rule Writing for the IT Professional

by Keith DeBus
Oct. 7, 2017, INFOSEC Institute

Snort, the open source intrusion detection and prevention system (IDS/IPS), has proven its value and efficacy for over a decade and is ranked among the best IDS/IPS systems on the planet. Snort installations can be found on every continent and in nearly every nation. It has been deployed by government/military agencies, non-profits, healthcare institutions, and private corporations. Although recent data indicates that Sourcefire, Snort's commercial brother, is second only to Cisco in market share in the IDS/IPS market, this data fails to take into account the millions of IDS/IPS installations that use the open source Snort software as their detection engine. When these are included, Snort is likely the world's most widely used IDS/IPS.