IDS/NDROpen source · GPL-2.0
Snort
By Cisco
An open-source intrusion detection and prevention engine that matches network traffic against an actively maintained ruleset. Cisco maintains Snort 3 following its 2013 acquisition of Sourcefire and uses the engine inside Cisco Secure Firewall.
Verified Source: 1
- Product type
- Software
- Deployment
- On-premCLI
- Organization size
- SMBMid-marketEnterprise
- Pricing tier
- Free
Capability checklist
IDS/NDRHow Snort measures up against the full Intrusion Detection & Network Detection and Response taxonomy.
- Signature-based detection — supported
- Matches traffic against known attack and exploit signatures.
- Behavioral anomaly detection — not supported
- Baselines normal traffic patterns to flag deviations without a known signature.
- East-west traffic visibility — not supported
- Sees lateral movement between internal hosts, not just traffic crossing the perimeter.
- Packet capture & forensics — supported
- Stores full or metadata-level packet history for post-incident investigation.
- Threat intelligence integration — supported
- Enriches detections with known-bad IPs, domains, and indicators from feeds.
- Inline blocking (IPS mode) — supported
- Can actively drop malicious traffic in real time rather than only alert on it.
- Encrypted traffic analysis — not supported
- Flags malicious patterns in encrypted flows without decrypting them.
Alternatives
Other Intrusion Detection & Network Detection and Response tools with overlapping capabilities, sized for similar teams.