How Can You Benefit from Snort?
Still not convinced that Snort is a viable alternative to the more expensive, commercial IDS systems? Here is a short laundry list of marketing bullet points:
Snort is cross-platform. Snort can be installed on Windows NT, Windows 2000, HP-UX, Solaris, OpenBSD, FreeBSD, NetBSD, Linux, MacOS X, and many more UNIX flavors and processor architectures.
There is an active community of users and developers. Alert signatures are often available immediately, if not within hours, of documented attack behavior. Bug reports and feature requests often are addressed directly by the development team, who participate in the snort-devel and snort-users mailing lists. There are many add-on utilities that are not part of Snort proper, but offer additional features and ease of use.
Snort does not carry licensing costs or software maintenance updates. You can deploy Snort in an organization filled to the gills with money or one that has no budget to speak of.
If you are concerned about commercial-grade help with Snort, there are companies such as Silicon Defense, who provide those services above and beyond what you find in the community forums.
Snort does not need to supplant any existing security infrastructure. Rather, it complements existing commercial products quite nicely.
Security should be not a single product, but a combination of multiple layers of products, policies, and procedures. As Bruce Schneier has stated, "Security is a process, not a product."