Emerging Threats Pro Suricata

The Emerging Threats Pro company became one more competitor of Sourcefire, having offered own technology of detection of penetrations and their prevention (Intrusion Detection System/Intrusion Prevention System, IDS/IPS) based on signatures. Sourcefire supervises the project on development of the popular Snort tools with the open code and has own base of signatures for detection of threats.

Suricata, also free program IDS/IPS tools released this year the non-commercial Open Information Security Foundation (OISF) group is the cornerstone of the products Emerging Threats Pro. Now in Emerging Threats Pro on a permanent basis and about 15 people work under the contract.^[1]

Emerging Threats Pro used a number of older rules of Snort for formation of signatures which are distributed for free, and transformed them so that they were suitable for Suricata IDS/IPS work. In Emerging Threats Pro integrated these processed rules with the rules created especially for Suricata, having created thus the base containing about 16 thousand rules of creation of signatures for the Suricata mechanism.

Rivalry between the groups conducting development of Snort and Suricata arose at once with the advent of the last Suricata in July of this year. The Sourcefire company published the statement explaining the principles to which it adheres during the work with the rule base Snort.

It is said in the statement: "Users of freely distributed Snort systems can receive the rules Snort on the website Snort.org free of charge with a delay for 30 days.

The users wishing to receive the rules Snort in real time i.e. right after the publication their Sourcefire Vulnerability Research Team group, can purchase a paid annual subscription for each Snort sensor on nominal value. Clients who purchased the products Sourcefire on a commercial basis receive the rules Snort in real time within the annual service contract".

According to representatives of Emerging Threats Pro, the service contract offered by it provides obtaining the database of signatures for Suricata along with the data of Telus Intelligent containing information on risks and threats which the company obtains according to the license at the Canadian company Telus.

Service package cost — from 300 dollars to 350 dollars a year for one sensor.

It is possible to expect that producers of specialized servers will announce support of Suricata base and will use it under the contract with Emerging Threats Pro.