Differences between open-source and commercial IDS
What is the difference between open-source IDS (Snort) and a paid IDS
IDS systems can be gathered into a couple of broad categories as to how they function. These usually fall along the lines of how the specific system detects violations. Therefore they may detect errors by looking at a deviation from normal activity or by means of a signature. Snort is a signature based IDS. Snort requires that you setup specific signatures that it is to alert you to should they be detected. Snort is also an open source product. The question as to what is better, open source or paid is open for debate. It's much like saying you would you prefer running an open source OS like Linux or commercial one like Windows. A commercial IDS will most likely offer you a support and maintenance should things go wrong or you need help. While you may not get that with Snort you do have access to a large user base that runs the application and are ready and willing to help. Many people are more comfortable with a commercial tool, while others simply don't have the resources or capital to afford a commercial IDS. Commercial IDS systems may have you wait for update, while open source solutions can be updated at any time. Regardless of what IDS you choose to install plan to spend a week or more setting it up and configuring it. After all that's the real task here is having it configured in such a way as to detect bad behavior and ignore non-problems.
This was first published in August 2006