Network World

Alan Shimel

Open Source Security Pioneer Sourcefire Goes Agile

A new approach to today's more complex threat environment

By Alan Shimel on Mon, 09/12/11 - 10:48am.

Martin Roesch and the company he founded, Sourcefire, are almost legendary in open source security circles. Roesch is the creator of Snort, the open source intrusion detection/prevention system that became the de facto standard for the entire category. Sourcefire was formed to both commercialize and continue Snort as an open source project. Along the way to a successful IPO, Sourcefire acquired the ClamAV open source anti-malware project and started Razorback, another open source security project. Few companies are more closely aligned with open source security than Sourcefire.

Now Sourcefire is launching an entirely new approach to today's complex security challenges, which it calls Agile Security. Sourcefire says the challenge is to move beyond static security, and it has outlined a process, billed as security for the real world, that looks something like this:

1. See. Traditional security solutions are mostly blind to their environment and the threats they face. An agile approach provides clarity and vision, reflecting the reality of an environment, as it exists right now.

2. Learn. Applies intelligence to data to improve understanding and decision-making.

3. Adapt. Static approaches limit the ability to tailor protection. Agile Security allows automatic evolution and modification of defenses in response to change.

4. Act. Agile Security provides decisive, flexible and automated responses to events.

I had a chance to meet with Marc Solomon, SVP of marketing and product management for Sourcefire, to discuss this new Agile approach to security. Our conversation is available to listen to below.

I for one am happy to see Sourcefire announce this new "agile" approach for various reasons. One reason is that for a few years now we have been hearing that the security industry is stagnant. There is nothing new coming out of the security industry. We are reactive, not proactive, and security innovation is dead. Personally I think nothing is further from the truth. There has been a lot of great innovation being done in security. If you are willing to look down below the large public companies, there are some great security startups that have done some groundbreaking work in security.

But we also have to remember that the job description has changed in security. During my time in security I have seen the threat move from "script kiddies" who were notching marks on their belts when they hacked a system to the threat being a far-flung organized cybercrime industry that was responsible for tens if not hundreds of billions of dollars of financial losses over the last few years. Over the recent past there has been another sea change where now the threat has also become cyber terror, cyber warfare and cyber espionage from both state-sponsored and private sources. Advanced persistent threats and more sophisticated attacks have helped these cyber security threats become more lethal. Most recently we have seen the "hacktivists" like LulzSec and Anonymous. They are making political statements via hacking. So while some may say the security industry hasn't moved forward, it has. But the threats have been moving forward even faster, it seems. Sourcefire's agile approach recognizes this fact and is laying out a plan to confront and manage the threat moving forward.

Another reason I was happy to hear about agile security is that for too long people were just associating Sourcefire with Snort, even though they long ago moved beyond being a one-trick pony. Now Sourcefire, along with the agile approach, is reorganizing their entire lineup of security solutions. They have a wide range of solutions beyond IDS too. However, don't think that their commitment to open source has waned at all. Marc assures me that open source is still part of the basic DNA at the company.

So here is to the new agile approach from Sourcefire. It will be interesting to see how it affects the security market. Enjoy listening to the podcast as well!

 

About Open Source Fact and Fiction

As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from startup to helping defend some of the largest and most sensitive networks in the world.

Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast.

Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.

Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.

Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited.

 
