December 01, 2009
Depends on deployment
How do you take a free open source product that has become one of the most used products in information security and turn it into a commercial product that people will buy? It turns out that you have to do a lot more than stick Snort in an appliance with a cool logo on the front. Worse, how do you cope with the convergences that take place in our field all the time? The answer is that you embrace those challenges and use them to create your next generation of intrusion prevention system (IPS).
First, you add blazingly fast accelerator network interface card (NIC). Then you use virtualization techniques. Then you look only at the parts of the packet that you need to. As for the virtualization, you look at how you can use such application programming interface (API) as VMware's VMSafe and start looking at what the enterprise is going to look like up the road. But there is a lot more to it than these admittedly important tasks.
You need to focus on attack detection methods, awareness of the enterprise components and data types, and expand your in-line offering to go beyond today's IPS. All of that requires vision and there is no shortage of that commodity at Sourcefire, this year's choice for our IPS innovator. What are the challenges ahead for this company?
First, unknown or zero-day attacks head the list. No surprise there, but solving that problem is a bit of a Holy Grail. Second, because the IPS is an in-line appliance, it needs the best platform performance available. That is a combination of packet inspection technology and brute-force hardware speed. Finally, you need more comprehensive security technologies.
That last option was one of several recurring themes in our discussions with this year's innovators. While the mantra over the past couple of years has been "do more with less," today it is "start viewing security holistically." The security architecture is an ecosystem and it needs to be treated as such to get the most efficiency.
This approach is second nature to Sourcefire and it colors their view of the future. Today we see Sourcefire creating its own ecosystem. What comes next is an open question, but you can bet that it will be interesting.
AT A GLANCE
Flagship product: Sourcefire 3D System
Cost: Depends on deployment
Innovation: Moving from an open source product that still is available to a commercial product that builds strongly on the open source product, but offers far more capability
Greatest strength: Vision and flexibility