CounterSnipe: Intrusion Detection and Prevention (IDS/IPS) Software
Part Numbering: CS-APSxxx (replace xxx with the number of hosts visible to CounterSnipe within your organization)
Licensing: Based on number of hosts (Unique Active IPs) within your organization. Unlimited CounterSnipe installs.
Supported Hardware: http://www.ubuntu.com/certification/server/ (see the Ubuntu 14.04 LTS column), plus most other hardware that can run Linux.
CS-APS - Standalone Security System (CS-APS) for enterprise security management
TMC - A Threat Management Console (TMC) for managing remote IDS sensors
APD - An IDS sensor to be managed by TMC
Ubuntu 14.04 LTS 32bit on Physical Hardware or Virtual Machine
Windows Platforms via Oracle Virtualbox
We also have APD (sensors only) available for CentOS
CounterSnipe started life as an Intrusion Prevention System (IDS/IPS) with an easy-to-use management GUI. The software has grown over time, with a lot of feedback and input from our customers, and today includes over 40 network and change detection utilities in order to deliver an intelligent IDS/IPS-based network security management system.
CounterSnipe key features include:
Most of these can be controlled manually or left to run automatically in real time.
An IDS system consists of an , Intrusion Detection Rules, Rule Management System, Alert Management System, and all other components to make all of that effective.
Suricata as an IDE
Suricata is a high-performance network IDS, IPS and network security monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF).
Top 3 reasons why we chose Suricata (in addition to the fact that our Head of Product Development, Amar Rathore, is also on the Suricata Board):
1. Highly Scalable
Suricata is multi-threaded: a single instance balances the processing load across every processor on the sensor that Suricata is configured to use. This allows commodity hardware to reach 10 gigabit speeds on real-life traffic without sacrificing ruleset coverage.
2. Protocol Identification
The most common protocols are automatically recognized by Suricata as the stream starts, which lets rule writers write a rule against the protocol rather than the port it is expected on. This makes Suricata a malware Command and Control channel hunter like no other. Off-port HTTP CnC channels, which normally slide right past most IDS systems, are child's play for Suricata! Furthermore, dedicated keywords let you match on protocol fields ranging from the HTTP URI to an SSL certificate identifier.
3. File Identification, MD5 Checksums, and File Extraction
Suricata can identify thousands of file types as they cross your network! Not only can you identify a file, but if you decide you want to look at it further you can tag it for extraction, and the file will be written to disk with a metadata file describing the capture situation and flow. The file's MD5 checksum is calculated on the fly, so if you have a list of MD5 hashes you want to keep in your network, or want to keep out, Suricata can find them.
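The three capabilities above, protocol-keyed matching, file identification with extraction, and MD5 list matching, expressed as Suricata rules. This is an added illustration, not part of CounterSnipe's or the OISF's shipped rulesets; the sid values, the `.invalid` hostname and the `blacklist.md5` list file are placeholders.

```suricata
# Added example rules (not from the original page). sid values, hostname and
# list filename are placeholders chosen for illustration.

# 1. Protocol identification: the "http" protocol field is resolved by Suricata's
#    app-layer detection, so this rule fires on HTTP seen on ANY port, including
#    off-port CnC channels, without listing port numbers. The legacy http_host
#    modifier form is used here so the rule loads on older Suricata releases too.
alert http any any -> any any (msg:"ADDED-EXAMPLE Off-port HTTP request to placeholder CnC host"; flow:established,to_server; content:"example-c2.invalid"; http_host; classtype:trojan-activity; sid:9000001; rev:1;)

# 2. File identification + extraction: identify the file type from its content
#    (not the URL or extension) and store it to disk with a metadata file.
alert http any any -> $HOME_NET any (msg:"ADDED-EXAMPLE Windows executable delivered over HTTP, stored for analysis"; flow:established,to_client; filemagic:"PE32 executable"; filestore; classtype:policy-violation; sid:9000002; rev:1;)

# 3. MD5 list matching: compare the on-the-fly MD5 of every transferred file
#    against a list file (one lowercase hex MD5 per line, located in the rule
#    directory). Use "!blacklist.md5" instead to alert on files NOT in an allow list.
alert http any any -> any any (msg:"ADDED-EXAMPLE File transfer matching MD5 block list"; filemd5:blacklist.md5; classtype:policy-violation; sid:9000003; rev:1;)
```

Rules 2 and 3 only work when file tracking is enabled in suricata.yaml (the file-store output with MD5 hashing turned on), which is a configuration assumption not shown here.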
single software, single licencing, so much more than IDS/IPS
"According to Gartner 70% of the security breaches occur due to intentional or unintentional misconfigurations."
CounterSnipe helps you detect those changes in real time and adjust the protection accordingly.
Managing IDS rules is as easy as ABC: view, decide and deploy (one of the many easy-to-use screens of TMC)