Snort creator, Sourcefire seek fresh approach

Sourcefire Inc. is launching Enterprise Threat Management. Sourcefire says the open source tool Snort is the backbone of the new strategy.

Network intrusion prevention vendor Sourcefire Inc., which went public last month, is revamping its product offering under a new strategy it calls Enterprise Threat Management.

The software vendor said that Snort, the open source packet-sniffer, would remain the backbone of its new strategy, which combines intrusion prevention, network behavior analysis, network access control and vulnerability assessment.

"This open source community gives us really the ability to communicate with customers like no other company in the security market can," said Michele Perry, Sourcefire's chief marketing officer. "We're very committed to the open source community. We continue to offer the engine. It's something we want to invest and expand."

Perry said Sourcefire has no plans to start charging for Snort. The company offers a free version of the rules that go into the Snort tool and a paid customer-version.

The vendor is introducing Master Defense Center, the main interface for aggregating security and policy events from up to ten appliances that can be deployed to view and prioritize events.

"This allows customers to put defense centers around the world and have one master center to pull reports and gain better visibility across the enterprise," Perry said.

Also being added is Network Usage Control, a utility that allows customers to set and enforce network user behavior policies. Through the Sourcefire Defense Center, customers can create compliance profiles and baseline configurations of acceptable behavior and use Sourcefire's real time network awareness (RNA) sensors to identify policy and regulatory non-compliance.

Perry said the new products can be purchased separately. The RNA works in conjunction with the Master Defense Center, Perry said.

More companies are turning to intrusion prevention systems to monitor the environment for insider threats, said Charles Kolodgy, a research director of secure content and threat management products at Framingham, Mass.-based IDC. Sourcefire's challenge will be to differentiate itself against the likes of much larger competitors: Juniper Networks, Cisco Systems, ISS (now part of IBM Global Services) and TippingPoint Technologies (now a division within 3Com).

"IPS vendors continue to try and increase the knowledge that is available to respond to an attack and Sourcefire is trying to build on what it started with RNA," Kolodgy said.

While larger vendors have more resources, the market for Sourcefire's RNA technology, which monitors network behavior, is dominated by much smaller players, including Waltham, Mass.-based Q1 Labs Inc., Kolodgy said.

While Snort remains the backbone of the strategy, Perry said Sourcefire will focus more on its RNA sensors, which enable network monitoring and analysis.

"Snort is a very important component. You'll see us doing more around RNA but not any less around Snort," Perry said. "RNA is so important as the foundation of the intelligence of the network behavior analysis component."

The base price of the defense center is $39,495. The price of the IPS components depends on network speed and starts at $3,995.
