Looking to move forward in deploying IDS/IPS on several FreeBSD firewalls, and I was curious about the difference between Snort and Suricata. I know that Suricata is multi-threaded, but in terms of rule processing and other aspects of how they work, is there any real difference that should sway me to pick one over the other?
Firewall – is there any real difference between Snort and Suricata?
Tags: firewall, ids, ips, networking, snort
Best Answer
The main difference is that Suricata uses the GPU in IPS mode. It has a more advanced IPS mode in general, includes multitasking, and as a result you get high performance, allowing you to process up to 10GbE of traffic on regular hardware. And it fully supports Snort rules. You can learn more about Suricata's features here: https://suricata-ids.org/features/all-features/