Sourcefire's Snort Has A Real Nose For Intruders - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

10:05 AM

Sourcefire's Snort Has A Real Nose For Intruders

Open source intrusion detection and prevention technology is being used to bolster security in several products; new features could make it even more popular

The U.S. government may have stymied Sourcefire's plans to merge with Check Point Software Technologies, but Sourcefire still has big ideas for the expansion of its open source Snort-based network security technology.

Many companies use Snort intrusion detection and prevention capabilities in their network security products, and features in the works will let Snort better protect against spyware. The company hopes to incorporate these features into its upcoming Defense Center network security appliance, which will use intrusion sensors and agents and real-time network awareness sensors to aggregate, analyze, prioritize, and act on threat information.

Sourcefire founder and CTO Martin Roesch owns Snort's General Public License and drives the technology's development. Sourcefire says its technology analyzes data about network security threats and intended targets so companies can defend themselves better.

"Either you can't block it all, or you get too much information," which is as useful as a car alarm in a crowded parking lot, says Michele Perry, Sourcefire's chief marketing officer. The company's strategy also includes embedding added security measures--like network behavior anomaly detection, which quarantines or eliminates suspicious network traffic--into its existing products so customers don't need to buy more network security appliances.

Snort Factor
Commercial security technologies based on Snort include:
>> Apani Networks' ThreatView administrative tool, which sends alerts when sensitive data is accessed
  >> Astaro's Security Linux, which uses Snort for network intrusion prevention
  >> Demarc Security's Sentarus intrusion detection and prevention system
  >> Foundry Networks's Flow traffic monitoring technology
  >> StillSecure's Strata Guard intrusion detection and prevention system
At least 15 companies incorporate Snort into their network security offerings, Perry says, noting that the technology has been downloaded 3 million times since its 1998 debut. Apani Networks recently introduced a Snort-based ThreatView administrative tool designed to alert companies when data designated as "sensitive" is in transit within their network perimeters.

Late last year, when Israeli-owned Check Point said it intended to buy Sourcefire, the pairing appeared to be a good deal for both companies. Check Point wanted to add intrusion detection and prevention to its product line, and Sourcefire hoped to expand its market outside the United States.

"We're disappointed that the Check Point thing fell apart," Perry says. "They had worldwide sales and distribution in place. They also had a name brand and established customers."

Check Point had put $225 million on the table to close the deal, but the transaction was scuttled after it came under scrutiny from the federal Committee on Foreign Investment in the United States, an interagency group that investigates foreign acquisitions of U.S. companies and makes recommendations to the president as to their advisability.

After their canceled transaction, Check Point and Sourcefire agreed to pursue partnership opportunities. Check Point already sees the downside of its aborted Sourcefire bid. Last month, it reported a first-quarter profit of $61.6 million on revenue of $133.6 million, down 3% year over year. Check Point had issued an earnings warning on April 4 in part because of the canceled Sourcefire deal. The company is adjusting to a new sales model that focuses on annual subscription licenses rather than perpetual licenses.

But Sourcefire's financial fortunes appear to be heading in the other direction. The privately held company recently stated that revenue from the first quarter of last year through the same quarter of this year grew 68%.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
10 Ways to Transition Traditional IT Talent to Cloud Talent
Lisa Morgan, Freelance Writer,  11/23/2020
What Comes Next for the COVID-19 Computing Consortium
Joao-Pierre S. Ruth, Senior Writer,  11/24/2020
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll