Network World

Alan Shimel

Sourcefire Stays True To Its Roots

New cloud based anti-malware tool leans heavily on open source

By Alan Shimel on Wed, 01/25/12 - 12:20am.

Sourcefire is a security company that had its genesis in founder Marty Roesch's Snort open source intrusion detection system. Along the way, Sourcefire has taken over the stewardship of, and introduced, several other open source projects. One of the best known was the ClamAV anti-malware project.

While Sourcefire has grown beyond Snort and ClamAV to a full range of commercial solutions, it has always stayed true to its open source roots. A little while back it bought Immunet, another maker of an anti-malware solution.

On Monday, Sourcefire released FireAMP, a cloud-based anti-malware security solution based on the Immunet technology, with a healthy dose of the ClamAV technology as well. FireAMP is a different kind of anti-malware security product. Unlike many of the traditional AV products that have moved to the cloud, such as those from Symantec, McAfee and Trend, FireAMP takes another approach. Rather than trying to block malware at the perimeter or as it tries to enter the endpoint, FireAMP has its on-board agents send information to Sourcefire's cloud, where it is analyzed. If it is deemed malicious, you have the option of having Sourcefire remove it or just report on it.

I spoke today with Al Huger, Sourcefire's VP of Development for the Cloud Technology Group and a co-founder of Immunet. Al said that FireAMP has open source software all through it. From a lot of the infrastructure it is built on, including some NoSQL database technology, to some ClamAV agent technology and other stuff, FireAMP wouldn't be possible without open source. While FireAMP is still a product, there is certainly a service element to it; it is part of a new class of cloud-enabled products/services. While it is not itself an open source solution, many of the components behind it are. Huger said that of course using and supporting open source is a strong tradition within Sourcefire and will continue to be so.

I was glad to hear this, but frankly did not expect anything different. Roesch and the Sourcefire team have always displayed a deft hand in understanding and leveraging the open source community. While FireAMP is not an open source project in and of itself, it is good to see it continuing the Sourcefire tradition.

About Open Source Fact and Fiction

As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.

Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast.

Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.

Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.

Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited.
