Sourcefire, Nmap deal to open vulnerability scanning

Sourcefire and Insecure have inked an agreement to develop open source vulnerability scanning tools based on Insecure's Nmap scripting engine.

Network intrusion prevention vendor Sourcefire Inc. and Insecure, the makers of Nmap, are teaming up to integrate tools and produce open source vulnerability scanning software.

The two software vendors signed a license agreement to jointly develop the software using the Nmap Scripting Engine embedded within the Nmap network discovery tool. Under the terms of the agreement, Insecure will develop the engine while the Sourcefire researchers will develop and contribute plug-ins for discovering specific vulnerabilities.

The new integrated features will allow the software to identify real-time network changes using the Nmap capabilities to discover specific vulnerability information for data that has been added or changed.

The new engine technology will be available within the open source Nmap Security Scanner as well as bundled into the commercial Sourcefire 3D System. Sourcefire said that the new tools could be combined with its RNA to provide new active scanning capabilities for its customers. The new features enable customers to coordinate passive network discovery with active scanning for vulnerability detection.

At least one user of Sourcefire's open source Snort tool called the licensing agreement positive. The relationship between the two companies could open up a user group community devoted to making vulnerability plug-ins, said Eric S. Nooden, manager of information systems at Rockford, Ill.-based Rockford Gastroenterology Associates.

"There is only so much that NMAP can scan for before you have to take that information and research what vulnerability may exist on that device," he said. "The positive side of adding vulnerability detection is that it will take some of the required research out of doing NMAP scans."

Sourcefire said the integrated tools could reduce scanning times when conducting vulnerability assessments and are part of its approach of using both passive and active assessment technologies for risk assessment.

Sourcefire went public in March and recently revamped its product offering into a strategy it calls Enterprise Threat Management. The software vendor said that Snort, its open source packet-sniffer, would remain the backbone of its new strategy, which combines intrusion prevention, network behavior analysis, network access control and vulnerability assessment.

The vendor also introduced a Master Defense Center, which is the main interface for aggregating security and policy events from up to ten appliances that can be deployed to view and prioritize events. It also added Network Usage Control, a utility that allows customers to set and enforce network user behavior policies.

The challenge for Sourcefire is to differentiate itself from much larger vendors that sell intrusion prevention systems to monitor environments for threats, said Charles Kolodgy, a research director of secure content and threat management products at Framingham, Mass.-based IDC, in a recent interview. Juniper Networks, Cisco Systems, ISS (now part of IBM Global Services) and TippingPoint Technologies (now a division within 3Com) offer similar IPS tools, he said.

Sourcefire is also trying to leverage its RNA technology, which monitors network behavior. That technology is dominated by much smaller players, including Waltham, Mass.-based Q1 Labs Inc., Kolodgy said.

Nmap has released an alpha version of the scripting engine with a number of initial scripts. The commercial Sourcefire version is expected to be embedded in the 3D System beginning in the first quarter of 2008.
