IBM Snorts Security, Expands Anomaly Detection
Page 1 of 1
The Snort open source IPS platform debuted back in 1998 and has since become a popular system to write security signatures that protect enterprise IT assets. It's now a system that IBM is supporting in limited fashion for its lineup of IPS devices.
IBM's support for Snort signatures is part of a new security update that includes an IPS software update and the QRadar Network Anomaly Detection appliance which forms part of a new umbrella suite called the Advanced Threat Protection Platform.
As to why IBM is now embracing Snort IPS signatures, it's a question of customer demand.
"Many of our customers are being mandated by their internal compliance groups, hat say they need to run a certain set of signatures," John Cloonan Program Director, Threat Protection at IBM Security Systems told InternetNews.com. "These are open source Snort signatures that need to be run in the environment."
Cloonan noted that the problem that IBM customers have had with Snort is that they weren't left with the option of running IBM's IPS systems. IBM is also providing a user interface that enables customers to create their own signatures.
According to Cloonan, some very large customers came to IBM and said that they had to support the Snort signatures and were looking for IBM's help. The Snort signatures will not however be a replacement for IBM's existing IPS threat detection technology.
"Customers don't need to take and deploy all the Snort signatures that are available today as that overlaps with the detection that IBM offers with their protocol analysis module," Cloonan said. "The need is for customers that are creating custom signatures for their own environments."