Network Protection: Use Suricata for IPS
Götz Reinicke commented
Yes, please have a closer look into that. Snort is a great tool but has poor performance.
Saber Zaid commented
Sophos, please add this into the UTM.
Martin Seener commented
I would really like changing from Snort to Suricata (or even a user option like dual-AV), since with Suricata IPS would be much smoother on less high-GHz but multi-core CPUs like Intel Atoms with 2 to 8 cores!!!
Andrew Engel commented
Yes, this would be an awesome addition.
Considering that Snort is now owned by Cisco, Snort is as good as dead. Snort is NOT multi-threaded. What is done is Snort is run in multiple instances based on CPU thread count.
Alan, Snort supports multi-process, which is very different than multi-threaded.
With MP, memory usage increases linearly with each additional process, etc.
Suricata looks interesting, though you might not be aware that UTM's implementation of Snort is multi-threaded.