February 20th, 2002, 07:37 AM
Snort Sniffs Out a Commercial Future.
After reading this article I only could ask myself: - Will Snort be a fully commercial product or will there be open source alternatives?
Snort Sniffs Out a Commercial Future
The creator of the popular open source intrusion detection system gets megabucks in venture capital for a Snort start-up.
By Kevin Poulsen
Feb 14 2002 1:39PM PT
The commercial potential of open source security products won a financial vote of confidence last week when the author of the hacker-busting freeware program Snort pulled in $2 million in venture capital, and moved his year-old start-up company out of his suburban Maryland living room.
Martin Roesch wrote Snort as a lightweight intrusion detection system in his spare time in 1998. The program quickly became hugely popular: one vendor estimates there are 100,000 Snort installations worldwide, and the project's official Web site boasted nearly 10 million downloads in it's first year of operation. The software's been ported to nearly every operating system platform, and the documentation translated into at least seven different languages.
What Snort lacked was the user-friendliness and commercial support demanded by corporate IT departments. With that in mind, Roesch launched Sourcefire in January, 2001, to build a commercial-grade appliance with Snort at the center. "You don't have to be a guru to run it, and its faster and easier to run," says Roesch. "So the guys that need to go to their bosses and get approval, if they need a commercial entity backing their IDS engine, we give them a place to go."
Of course, others have had the same idea. Silicon Defense, which has contributed to Snort, began offering commercial support for the free IDS last March, and sells a sensor appliance of its own, while Guardent recently rolled out an all-in-one open source security box that bundles Snort with the IPTables firewall program and the Nessus vulnerability scanner.
IDC analyst Chris Christiansen says there are still more commercial incarnations of Snort on the way.
"We've seen a number of companies that intend to sell Snort-based security products on a commercial basis in the last few months," says Christiansen. "It's gaining a lot of credibility. It's coming out of the open source space and its looking like it going to be a significant revenue generator."
As the head of the open source project, Roesch hopes that Snort's credibility will accrue to Sourcefire. Either way, he's gearing up for the competition, moving the company into an 8,000 square foot furnished office in Columbia, MD, interviewing for new hires and sniffing out a CEO. "We're going to hire on the order of at least twenty to thirty people fairly rapidly," says Roesch. ""I've started calling my friends and saying, it's time to get on a plane. It's go time."
February 20th, 2002, 07:57 AM
Given the way I understand new signatures are created for snort...
i.e. people who use the software capture the traffic, figure out what is going on, and then write a filter to detect it, and then submit the filter..
I cant imagine that snort would not continue to be available for a while at least, as an open source application. One of the biggest problems with IDS is the very small number of signatures which are available for most of them. creating new signatures for new attacks, or even, creating new signatures for old attacks that dont have them yet, is essential.
If snort continued to be available to download and use freely for those who wish to, the company simply gets some free developers.
It sounds to me like they are simply going to sell an easy way for companies to get into the game. i.e. OS and Snort preinstalled/tuned with a gui, and a support agreement for when clueless IT people screw the system up.
February 20th, 2002, 04:05 PM
There is nothing that I know of that is leading me to believe Snort will not remain open source. What this article is refering to is the products that have come out on the commercial market that use the Snort engine. There are several of them out there and they are not a bad solution at all if you don't want to take the time to do all the customization and configuration yourself.
February 22nd, 2002, 06:31 PM
February 22nd, 2002, 06:53 PM
I AM INTERESTED!!!
Of course...let me know how it turns out...
February 26th, 2002, 07:50 PM
February 26th, 2002, 08:14 PM
Once again mrwall, you have gone above and beyond.
This really sounds awesome and definately sounds like it will work in concept. (although i have not yet tried it of course )
Please continue to keep up updated, and maybe when everything is complete you can write a short tutorial for us