Snort creator, Sourcefire seek fresh approach

By Robert Westervelt, News Editor
17 Apr 2007 | SearchSecurity.com

Network intrusion prevention vendor Sourcefire Inc., which went public last month, is revamping its product offering under a new strategy it calls Enterprise Threat Management.

The software vendor said that Snort, the open source packet-sniffer, would remain the backbone of its new strategy, which combines intrusion prevention, network behavior analysis, network access control and vulnerability assessment.

"This open source community gives us really the ability to communicate with customers like no other company in the security market can," said Michele Perry, Sourcefire's chief marketing officer. "We're very committed to the open source community. We continue to offer the engine. It's something we want to invest and expand."

Perry said Sourcefire has no plans to start charging for Snort. The company offers a free version of the rules that go into the Snort tool and a paid customer-version.

The vendor is introducing Master Defense Center, the main interface for aggregating security and policy events from up to ten appliances that can be deployed to view and prioritize events.

"This allows customers to put defense centers around the world and have one master center to pull reports and gain better visibility across the enterprise," Perry said.

Also being added is Network Usage Control, a utility that allows customers to set and enforce network user behavior policies. Through the Sourcefire Defense Center, customers can create compliance profiles and baseline configurations of acceptable behavior and use Sourcefire's real-time network awareness (RNA) sensors to identify policy and regulatory non-compliance.

Perry said the new products can be purchased separately. The RNA works in conjunction with the Master Defense Center, Perry said.

More companies are turning to intrusion prevention systems to monitor the environment for insider threats, said Charles Kolodgy, a research director of secure content and threat management products at Framingham, Mass.-based IDC. Sourcefire's challenge will be to differentiate itself from much larger competitors: Juniper Networks, Cisco Systems, ISS (now part of IBM Global Services) and TippingPoint Technologies (now a division within 3Com).

"IPS vendors continue to try and increase the knowledge that is available to respond to an attack and Sourcefire is trying to build on what it started with RNA," Kolodgy said.

While larger vendors have more resources, the market for Sourcefire's RNA technology, which monitors network behavior, is dominated by much smaller players, including Waltham, Mass.-based Q1 Labs Inc., Kolodgy said.

While Snort remains the backbone of the strategy, Perry said Sourcefire will focus more on its RNA sensors, which enable network monitoring and analysis.

"Snort is a very important component. You'll see us doing more around RNA but not any less around Snort," Perry said. "RNA is so important as the foundation of the intelligence of the network behavior analysis component."

The base price of the defense center is $39,495. The price of the IPS components depends on network speed and starts at $3,995.
