December 01, 2009
How do you take a free open source product that has become one of the most used products in information security and turn it into a commercial product that people will buy? It turns out that you have to do a lot more than stick Snort in an appliance with a cool logo on the front. Worse, how do you cope with the convergences that take place in our field all the time? The answer is that you embrace those challenges and use them to create your next generation of intrusion prevention system (IPS).
First, you add a blazingly fast accelerator network interface card (NIC). Then you use virtualization techniques. Then you look only at the parts of the packet that you need to. As for the virtualization, you look at how you can use application programming interfaces (APIs) such as VMware's VMsafe and start looking at what the enterprise is going to look like up the road. But there is a lot more to it than these admittedly important tasks.
You need to focus on attack detection methods and on awareness of the enterprise components and data types, and you need to expand your in-line offering to go beyond today's IPS. All of that requires vision, and there is no shortage of that commodity at Sourcefire, this year's choice for our IPS innovator. What are the challenges ahead for this company?
First, unknown or zero-day attacks head the list. No surprise there, but solving that problem is a bit of a Holy Grail. Second, because the IPS is an in-line appliance, it needs the best platform performance available. That is a combination of packet inspection technology and brute-force hardware speed. Finally, you need more comprehensive security technologies.
That last option was one of several recurring themes in our discussions with this year's innovators. While the mantra over the past couple of years has been "do more with less," today it is "start viewing security holistically." The security architecture is an ecosystem and it needs to be treated as such to get the most efficiency.
This approach is second nature to Sourcefire and it colors their view of the future. Today we see Sourcefire creating its own ecosystem. What comes next is an open question, but you can bet that it will be interesting.
AT A GLANCE
Flagship product: Sourcefire 3D System
Cost: Depends on deployment
Innovation: Moving from an open source product that still is available to a commercial product that builds strongly on the open source product, but offers far more capability
Greatest strength: Vision and flexibility