News Stay informed about the latest enterprise technology news and product updates.

Snort (rules) for sale

Following the path blazed by Nessus in December, Snort will begin charging for timely, tested updates to its rules. How will it affect you?

Open source IDS Snort is quietly ushering in changes to its license agreement that allows it to charge for timely, tested rules. Sourcefire, manager of the open source project, said some vendors relying on those rules for their own commercial products aren't pleased.

"Sourcefire [is] preventing other commercial entities from profiting from their work [specifically, rules] without contributing back to the community," said Gary Hein, service director for Burton Group's Application Platform Strategies division. "I don't see this creating heartburn for Snort developers and end users, but mostly for commercial vendors that have IDS appliances based on Snort."

Sourcefire's chief marketing officer, Michele Perry, said the changes were announced to customers March 7 and that most of the transition has gone smoothly. However, "a few folks needed to add it to their budgets, and others [commercial vendors] understand it will impact their business in a big way," she said.

The popular IDS tool is the basis for about 45 commercial products, including those produced by SnapGear, Lucid Security, StillSecure, Intrusion Detection and PacketAlarm, to name a few. Internet Security Systems products also use Snort rules.

Perry said a list of "certified" vendors using Snort will be issued soon. Though she declined to name any participants, StillSecure's Chief Strategy Officer, Alan Shimel, said his company will be an official distributor of products using Snort rules. He fully acknowledges the years of hard work that have gone into making Snort the leading product it is today.

"Sourcefire's rules development process is backed by several million dollars worth of computer equipment, plus salaries for seven full-time vulnerability researchers and rule writers," said Richard Bejtlich,

More on open source

Nessus no longer free
Developers of the popular open-source tool are starting to charge commercial customers who bring nothing to the project's development.

Open source: Time to pay up
If you think open-source products are free, it's time to wise up.

technical director for the Monitoring Operations Division of ManTech's Computer Forensics and Intrusion Analysis group. "Given that revenue from rules subscriptions and integrator licenses will be reinvested in signature research and development, Snort users still receive the best security bargain anywhere."

Among the changes will be notification of new rules that can be pushed out automatically instead of having to check the Web site regularly. The rules will also be subject to strict testing prior to release. For example, "People are staying through the night to test [rules based on Microsoft's Patch Tuesday releases]," said Perry.

"Those using Snort to monitor their enterprise can register and receive rules for free, five days after paid subscription holders," said Bejtlich. "Those selling Snort within commercial products or services pay a fee that is minor compared to the value of commercial contracts and foregone research and development."

Updated Snort rules will be available as part of a subscription service, costing companies $195 per month, $495 per quarter or $1,795 annually. Educational institutions will be eligible for a discount. Others not concerned as much with timeliness can wait five days and get updated rules for free.

Perry said customers appreciate "the time, effort and equipment that keeps Snort at the top of its game. They know that whatever grows the Snort ecosystem is good for them."

Commercial vendors taking advantage of the open-source vulnerability scanner Nessus got a similar surprise in December when its project managers announced they would no longer offer free, timely "plugin" programs that contain vulnerability and testing information to such product and service vendors.

Nessus developer Ron Gula believes other open source projects, like spam blacklists, could also end up seeing commercialized updates. It remains to be seen how many open source tools and programs will follow the paths blazed by Nessus and Snort to support further development.

Dig Deeper on Information security policies, procedures and guidelines

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.