Snort mailing list archives
Re: [Emerging-Sigs] Cisco acquires Sourcefire ... should we be worried?
From: Kevin Ross <kevross33 () googlemail com>
Date: Fri, 20 Sep 2013 09:14:26 +0100
Hi, Just saw this today and thought it is an interesting follow up: http://www.infosectoday.com/Articles/Big_Data_Heuristics.htm This article certainly covers this aquisition from the point of view of malware and big data which increases my belief that the primary reason for the acquisition is FireAMP and not Snort. However; I would be very happy if Snort started to be integrated into Cisco ASA firewalls and things :D What I do find interesting though is Cisco originally acquired Cognitive Security which I cannot find anymore and it seemed at the time that their intention for this was basically the same thing; they wanted big data visibility into malware. Regards, Kevin On 13 September 2013 00:41, Kevin Ross <kevross33 () googlemail com> wrote:
Yeah but with MARS it was pretty much an undeveloped product that didn't really adapt to new threats. Though they certainly put the advertising out there like in 24 https://www.youtube.com/watch?v=I3IeWw_vu9Q :) So MARs really was dying and Cisco let it happen but I don't really see Snort dying anytime soon and hopefully Cisco's acquisition will allow for integration into their products (I would much rather have Snort IPS running on ASA firewalls that the Cisco IPS software). Although for some reason I get the idea that Cisco's aquisition may have have more to do with FireAMP than Snort and Cisco trying to build up their threat intelligence capabilities like with they acquired the Prague based company Cognitive Security http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/cognitivesecurity.html Regards, Kevin On 23 July 2013 20:33, Joe Kraxner <joe () kraxner net> wrote:Uh, they don't let them die? Ever heard of Protego Networks aka Cisco MARS? ;) I agree, I'm a bit concerned with Snort as well. Sent from my Go-Go-Gadget Phone On Jul 23, 2013, at 11:58 AM, Bad Horse <b4dh0rs3 () gmail com> wrote: What a crazy random happenstance! Today I see the news that Cisco is acquiring Sourcefire ( http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/sourcefire.html). I know this will make the Sourcefire people a lot of money but honestly it makes me concerned. My primary worries center around the the traditional open source position of Snort and Sourcefire (although some have questioned the open source attitude of Sourcefire at times and I don't necessarily agree with them nor do I wish to bring up that argument here). But what will happen to Snort? Cisco is extremely adroit at acquiring companies and leveraging them to push their company forward. Progress via acquisition? Yes. But Cisco doesn't let the companies they buy just die, they use them to enhance their position in the marketplace. So I say again, what will happen to Snort and the open source roots it grew from? Obviously, Cisco will use Snort IDS in their products; Cisco currently has an IDS offering which is weak and thus you have the Sourcefire buy. So now we can expect to see Snort as an integrated module in Cisco firewalls, routers, and other networking equipment. But will Snort remain open source? What will happen to the rulesets? The mailing lists? Will the "community" that Joel has been trying to build be put out to pasture? I have to be honest ... today I just approved a purchase order for some major hardware that the team will be using to evaluate Suricata ( http://suricata-ids.org/) and some other open source IDS/IPS solutions such as Bro (http://www.bro.org/). I am also investigating ET Pro ( http://www.emergingthreats.net/) as a source for high quality rulesets and scheduling some PoCs with high ranking managed security services (MSS) providers. With the news about Cisco, the future of Snort is uncertain and I need to be prepared (or be prepared to pay Cisco prices in a year or two when they implement Snort which I'd rather not do if there are viable open source alternatives). I worry that Snort may become closed source in the near future and that progress on the IDS engine will stall during the acquisition period. Additionally, I fear that the vibrant Snort community will quickly dry up if everything becomes closed source and you have to "pay to play". Are my fears unfounded? Or is Snort just going to get better? I'd love to see a press release saying that Cisco is committed to keeping Snort open source although with a purchase price of $2.7B USD I'm not sure how much Sourcefire cares right now since they are lounging on all that cash :) -B4d H0rs3 The Thoroughbred of SYN ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! _______________________________________________ Emerging-sigs mailing list Emerging-sigs () lists emergingthreats net https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreats.net The ONLY place to get complete premium rulesets for all versions of Suricata and Snort 2.4.0 through Current!
------------------------------------------------------------------------------ LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Cisco acquires Sourcefire ... should we be worried? Bad Horse (Jul 23)
- Re: [Snort-sigs] Cisco acquires Sourcefire ... should we be worried? Gregory W. MacPherson (Jul 23)
- Re: Cisco acquires Sourcefire ... should we be worried? Joe Kraxner (Jul 23)
- Re: [Emerging-Sigs] Cisco acquires Sourcefire ... should we be worried? Kevin Ross (Sep 13)
- Re: [Emerging-Sigs] Cisco acquires Sourcefire ... should we be worried? Kevin Ross (Sep 23)
- Re: [Emerging-Sigs] Cisco acquires Sourcefire ... should we be worried? Kevin Ross (Sep 13)