The best Open Source IPS/IDS Manager

Enterprise and SP Management class for SNORT* and Suricata

Managing SNORT* events is not new to open source. What makes us unique is the blend of security and network analytics.

Both SNORT* and Suricata are great examples of technology, but they lack an enterprise-ready open source management system.

This is what redborder has created: a very powerful complement to both, allowing you to centrally configure, supervise, and apply security policies in the open source realm. Its hierarchical, multi-tenant, and multi-domain structures control thousands of devices. Outstanding visuals help you investigate any security incident with ease.

In short, redborder offers cloud-based Open Source IPS/IDS protection.

The management platform

The events generated by thousands of IPS/IDS probes reach a central point where they are collected, enriched, and stored by a real-time pipeline with scale-out capacity. This pipeline extracts as much value as possible from them before storage. Give your users the capacity to supervise and search the categorized and prioritized events of interest to them, to visualize them in relation to other data sources, and to take action.

Contextualization

Data is enriched with context based on its existing fields, without altering the original data. This improves decision-making and understanding. Additional data can come from external sources such as geolocation or reputation feeds, but also from other Apps active in the platform.

Dashboards and Reports

Create and share outstanding dashboards that help you detect threats and trends at a glance. Any view, with any filter applied, translates into a widget. Concurrent dashboards prioritize information relevant to each target user. Create automatic reports the same way.

SLICE & DICE

Dig into enormous amounts of data to get the most relevant information with the Druid OLAP engine. Any meta field can be searched and filtered to find what you need, and raw data is stored in Hadoop for when you require maximum detail.

Policy Control

Managing SNORT* events is not new to open source. What makes us unique is the combination of scale and enterprise-quality policy management in the same open source platform. Centrally manage thousands of Intrusion Detection System probes with proper access rights and privileges, device dependencies, rule feed alternatives, configuration rollback, and management auditing. This would make redborder stand on its own, but combined with the other Apps the only limit is your imagination.

Hierarchical Policies

Devices are configured in a hierarchical structure that allows you to manage them as groups, with configuration and policies enforced downstream while maintaining local independence. This applies to all levels, including the probe itself, its segments, and the different networks.

Policy Workflow

Policy management is a complex task. Create policy profiles with ease and apply them hierarchically to your devices. Rules can be searched, ordered, or categorized for simplicity. Any change can be recovered and is trackable. All deployments are controlled by you.

Multiple Feeds

redborder doesn’t provide its own rules feed, but enables you to access the best of them concurrently, without sacrificing anything. Be it Talos or Emerging Threats, Community or Paid, external or your own, you control when to activate an update and can mix and match rules as you need.

Centralized Configuration

When using SNORT* redborder Edition probes, configuration capabilities go beyond event and policy management. Through provided Chef templates, you can fully configure the probe, its network segments and its operation mode: IDS, IPS and IDS forwarding.

YOUR PROBE, YOUR CHOICE

The IPS Management App is compatible with SNORT* and SNORT* redborder Edition probes. Suricata will be supported in the next release. Hopefully Bro will follow at some point. This will give our users a full spectrum of alternatives without requiring them to change. The Open Source community will gain a considerable boost in management capabilities for an already impressive array of technologies. Choose the probe technology that best fits your needs.

SNORT* redborder Edition

Our engineers have taken SNORT* to the next level, improving its performance in multi-core servers, adding centralized management - through the IPS Management App - and adding new features like improved reputation, geo-based protection, and extended file reporting.

redborder Hardware Appliances

Our engineers have taken SNORT* to the next level, improving its performance in multi-core servers, adding centralized management - through the IPS Management App - and adding new features like improved reputation, geo-based protection, and extended file reporting.

SNORT*

If you are a current SNORT* user and want to take your management capabilities to a new level, redborder is the answer. Without affecting your configuration specifics or hardware details, you will be able to centrally control them in an extremely powerful way.

Suricata

Suricata is a popular alternative to SNORT* with strong technical foundations. As it is fully compatible with SNORT* rules and barnyard2, we will support it soon. We will contribute to the community to further extend its JSON exporter to directly support redborder.