Suricata vs Sensei

Started by GreenMatter, June 22, 2020, 05:28:24 PM


Security wise, are these 2 comparable? Of course, when it comes to reporting Sensei is way better and may have lan based policy.
Sensei paid subscription is cheaper (home/soho) than ET Pro subscription but has anybody tested their effectiveness?
Thanks for any suggestions!
OPNsense on:
Intel(R) Xeon(R) E-2278G CPU @ 3.40GHz (4 cores)
8 GB RAM
50 GB HDD
and plenty of vlans ;-)

They are quite different in their approach. I'm currently using Sensei (home license) and loving it so far.

Wait for 20.7 when, hopefully, both would be able to work in the same interface.

Quote from: Mitheor on June 22, 2020, 06:19:10 PM
Wait for 20.7 when, hopefully, both would be able to work in the same interface.
By both you mean running Suricata and Sensei in parallel? Wouldn't it be a big performance penalty?

Quote from: GreenMatter on June 22, 2020, 06:34:06 PM
Quote from: Mitheor on June 22, 2020, 06:19:10 PM
Wait for 20.7 when, hopefully, both would be able to work in the same interface.
By both you mean running Suricata and Sensei in parallel? Wouldn't it be a big performance penalty?

Well, it depends on the resources the server has. It doesn't have to impact the traffic.

Remaining question is which one is more secure? Is paid Sensei subscription close to 0 day / ET Pro?

June 22, 2020, 08:59:46 PM #5 Last Edit: June 22, 2020, 10:24:47 PM by Mitheor
Quote from: GreenMatter on June 22, 2020, 07:15:28 PM
Remaining question is which one is more secure? Is paid Sensei subscription close to 0 day / ET Pro?

As of now, Suricata.

Sensei is more focused on policing your outgoing traffic than "protecting your network" (even though that will change/improve in the near future).

Thanks, so more like DPI with some basic malware protection as part of IPS... But it's way easier to configure. The number of rules in Suricata kills me :-)

I am also a little bit unsure what product might be better.
I also use both, but I have also been hacked while having both on, even with all rules enabled and set to drop. So it depends on what type of attacks you try to defend against.
If you have both enabled, Sensei asks you to configure Suricata to listen on WAN and keep Sensei on the LAN side. So you won't be able to double the protection on one side. This is a recommendation by Sunny Valley and maybe some others too.