Hi there, this looks interesting. How does Sentry differ from Moloch[1]? They appear to be pretty similar, but then your website doesn't really contain much info to go off of.
I haven't used Moloch myself, so I can't judge with complete accuracy, but here's my take:
1. Use case: Moloch, with its focus on PCAP, is a cool network forensics tool, to be sure. Our focus is not only on security, but also on performance and troubleshooting. We use the traffic data as a foundation for integration with IDS alerts and latency (and jitter) data. The ability to pivot between views and visually correlate this data is incredibly (and surprisingly) useful for IT staff who want to know at a glance if things are correlating or not. So I would suggest that Moloch is a little more limited in its scope, at least in its default configuration.
2. Usability: This ties in with the point below too. Our focus is making network analysis approachable for the average IT guy. Keeping things light, visual, and easy to use is super, super important to us. It's really the top item on our list under, you know, having correct data.
3. Maintainability (or SLAs, or whatever you want to call it). When I look at Moloch, I'm reminded of Zimbra, the free email server. Last time I installed Zimbra, it involved installing a lot of different stuff, configuring it all, and grokking a LOT of documentation for different components before it was working to satisfaction. This is perfect for a certain market segment, the IT guy who has the time and energy to - not really roll his own - but to be really involved in everything that's going on.
The Sentry is not for that IT guy. We market to IT staff who don't have the time to install and maintain a bunch of components for a single tool. They have a security / network vision need (sorry about the buzzword) that needs to be filled, and they don't have a month to stumble through a complex Linux install. Don't get me wrong, I personally am all about complex Linux installs, I love getting into things myself, but this product is pre-packaged, with batteries included.
tcgarvin | 11 years ago
Hope that answers some of your questions!