December 01, 2009
Depends on deployment
How do you take a free open source product that has become one of the most used products in information security and turn it into a commercial product that people will buy? It turns out that you have to do a lot more than stick Snort in an appliance with a cool logo on the front. Worse, how do you cope with the convergences that take place in our field all the time? The answer is that you embrace those challenges and use them to create your next generation of intrusion prevention system (IPS).
First, you add blazingly fast accelerator network interface card (NIC). Then you use virtualization techniques. Then you look only at the parts of the packet that you need to. As for the virtualization, you look at how you can use such application programming interface (API) as VMware's VMSafe and start looking at what the enterprise is going to look like up the road. But there is a lot more to it than these admittedly important tasks.
You need to focus on attack detection methods, awareness of the enterprise components and data types, and expand your in-line offering to go beyond today's IPS. All of that requires vision and there is no shortage of that commodity at Sourcefire, this year's choice for our IPS innovator. What are the challenges ahead for this company?
First, unknown or zero-day attacks head the list. No surprise there, but solving that problem is a bit of a Holy Grail. Second, because the IPS is an in-line appliance, it needs the best platform performance available. That is a combination of packet inspection technology and brute-force hardware speed. Finally, you need more comprehensive security technologies.
That last option was one of several recurring themes in our discussions with this year's innovators. While the mantra over the past couple of years has been "do more with less," today it is "start viewing security holistically." The security architecture is an ecosystem and it needs to be treated as such to get the most efficiency.
This approach is second nature to Sourcefire and it colors their view of the future. Today we see Sourcefire creating its own ecosystem. What comes next is an open question, but you can bet that it will be interesting.
AT A GLANCE
Flagship product: Sourcefire 3D System
Cost: Depends on deployment
Innovation: Moving from an open source product that still is available to a commercial product that builds strongly on the open source product, but offers far more capability
Greatest strength: Vision and flexibility
SC Magazine Articles
- Was Spotify breached? Account info shows up on Pastebin
- Report: Ransomware feeds off poor endpoint security
- Researcher finds backdoor that accessed Facebook employee passwords
- Over 7M Minecraft mobile credentials exposed after Lifeboat data breach
- DōTERRA breach exposes customer info; including SS, DOB, and addresses
- UPDATE: Petya ransomware leverages Dropbox and overwrites hard drives
- Federal court bucks trend, rules general liability insurance covers data breach
- The anatomy of a spearphishing scam, or how to steal $100M with a fake email
- FBI investigating attack against computer networks at U.S. law firms
- Ransomware rampant, but chinks found in its armor
- Mining company's data is more valuable than gold
- PCI DSS version 3.2 release extends multifactor authentication requirement
- RSA EMEA Summit: Writing a security strategy that will make Vivaldi proud
- U.S. CIO hints federal adoption of 'bimodal IT' to balance old and new tech