Martin Roesch, developer of the popular open-source intrusion-detection system Snort, remembers the days when he'd hear tremendous feedback from users at security conferences on his product.
But, there was always a "but."
"People would tell me how much they like Snort and they were really interested in it, but they couldn't use it or couldn't buy it because there was no support and no company behind it," Roesch said.
That prompted Roesch to start his company, Sourcefire, in January 2001, putting a name behind the product and making the first move toward making a commercial-grade version of Snort.
Thirteen months later, Snort is there.
Sourcefire announced today the availability of the OpenSnort Management Console, an appliance based on Snort and the OpenSnort Sensor that gives network and enterprise IT managers a central console to view intrusion and attack data.
"Out of the gates, things look good with Sourcefire creating an appliance and adding a management console," said Peter Lindstrom, director of security strategies for Framingham, Mass.-based Hurwitz Group. "These are two quick value-adds that easily demonstrate the difference between open source and commercial."
The console manages a distributed environment of OpenSnort sensors, correlates collected data from those sensors and presents it to an administrator on a single console.
"It's very centralized. The rule sets are the big thing -- you can download updated rule sets from their site and it's easy, one touch," said Ken Redman, computer operations manager for Mount Sinai School of Medicine in New York City. "On one screen, for example, you can see what rule has been flagged the most or what IP address has been flagged the most over the last 24 hours or whatever period of time. You can see how immensely useful this is."
Redman, whose department supports the 3,500-user research division at Mount Sinai, is a longtime Snort fan and accounts for one of its 500,000 downloads.
"The support is phenomenal. I hope they keep that up, because it's one of the biggest selling features," said Redman, who has been using the management console for a few months. "It's based on Snort, which is a great product, it's free and the developer is the guy behind the company. It doesn't get better than that."
The Open Management Console manages policies and logs for sensors distributed along an enterprise network. Administrators use a Web-based graphical user interface (GUI) to view correlated data, Roesch said. Users can also store data for historical analysis. Roesch said that the product could scale to meet the needs of everyone from service provider networks to small and medium-size businesses to enterprise users.
"Sourcefire is all about potential," Lindstrom said. "It's well-respected in the space for its performance and flexibility. Now they need to build their management team and create a solution out of it."
Snort has its differentiators, Lindstrom said, and it also has plenty of company.
"It sure is a busy space," Lindstrom said. "Look to the entire threat management space consolidating this year."