December 01, 2009
Depends on deployment
How do you take a free open source product that has become one of the most used products in information security and turn it into a commercial product that people will buy? It turns out that you have to do a lot more than stick Snort in an appliance with a cool logo on the front. Worse, how do you cope with the convergences that take place in our field all the time? The answer is that you embrace those challenges and use them to create your next generation of intrusion prevention system (IPS).
First, you add blazingly fast accelerator network interface card (NIC). Then you use virtualization techniques. Then you look only at the parts of the packet that you need to. As for the virtualization, you look at how you can use such application programming interface (API) as VMware's VMSafe and start looking at what the enterprise is going to look like up the road. But there is a lot more to it than these admittedly important tasks.
You need to focus on attack detection methods, awareness of the enterprise components and data types, and expand your in-line offering to go beyond today's IPS. All of that requires vision and there is no shortage of that commodity at Sourcefire, this year's choice for our IPS innovator. What are the challenges ahead for this company?
First, unknown or zero-day attacks head the list. No surprise there, but solving that problem is a bit of a Holy Grail. Second, because the IPS is an in-line appliance, it needs the best platform performance available. That is a combination of packet inspection technology and brute-force hardware speed. Finally, you need more comprehensive security technologies.
That last option was one of several recurring themes in our discussions with this year's innovators. While the mantra over the past couple of years has been "do more with less," today it is "start viewing security holistically." The security architecture is an ecosystem and it needs to be treated as such to get the most efficiency.
This approach is second nature to Sourcefire and it colors their view of the future. Today we see Sourcefire creating its own ecosystem. What comes next is an open question, but you can bet that it will be interesting.
AT A GLANCE
Flagship product: Sourcefire 3D System
Cost: Depends on deployment
Innovation: Moving from an open source product that still is available to a commercial product that builds strongly on the open source product, but offers far more capability
Greatest strength: Vision and flexibility
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Scammers target oil companies with sneaky attack
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Study: Employees acknowledge risky security behavior, continue to engage in it
- Hack of airplane systems described in FBI docs raises security questions
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes