[Oisf-users] Comparative test between Palo Alto and Suricata

David Sussens dsussens at gmail.com
Sat Mar 21 18:21:08 UTC 2015

Palo Alto's APPID is nothing but a classification system to be able to
group applications and thus make blocking more absolute.  It's a great idea,
but Snort has just launched OpenAPPID.  I am certain that Suricata will be
able to support the same in the next few months.  Again though, it's purely
a classification system, and in many instances muddies the waters quite a

I am not testing the firewalling functionality of the Palo Alto.  This is a
direct comparison between the Suricata IPS engine and the Palo Alto IPS

The results are interesting to say the least.  I will submit my findings in
Word Doc format if that's okay, as it makes it easier for me to capture the
pictorial type results out of Acunetix and OpenVAS.

The results will be in within the next couple of days.  Will share them at
that point.

On Fri, Mar 20, 2015 at 11:47 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:

> Have you been able to emulate the next-generation firewall features
> (App-ID) of the Palo Altos on Suricata yet?
> This isn't a criticism as I like both products, but AFAIK Suricata isn't
> a firewall.
> -Coop
> On 3/20/2015 10:38 AM, None None wrote:
> > I am currently doing a comparative side by side test between Suricata
> > and Palo Alto, and I would very much like to share the results of the
> > tests in a manner that other users can see the outcomes.
> >
> > Palo Alto is sold to be the silver bullet of network protection, however
> > my experience thus far has been that Suricata decimates the Palo Alto I
> > am testing in terms of detection accuracy and blocking of attacks.
> >
> > What is the best way for me to submit my findings?
> >
> > Thank you,
> >
> > Neo.
> >
> >
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support:
> http://suricata-ids.org/support/
> > List:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > Training now available: http://suricata-ids.org/training/
> >
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042