RE: Snort is a "niche player"

["Yaakov Yehudi" <yehudi () tehila gov il>]

Thanks for your reply Marty, it seems like a pretty balanced one to me.

Regards, Ya'akov 

-----Original Message-----
From: Martin Roesch [mailto:roesch () sourcefire com] 
Sent: Tuesday, June 29, 2004 22:41
To: etienne.causse () pierre-fabre com
Cc: 'snort-users'; Yaakov Yehudi
Subject: Re: [Snort-users] Snort is a "niche player"

The NAI guys were referring to the last Magic Quadrant (MQ) that came out
covering the IDS space that put them in the "lead" position due to Gartner's
enthusiasm for their Intruvert acquisition and relegated Snort into the
"niche" corner (with my own company Sourcefire out in front of it by a
little and below all the other companies).  Snort and Sourcefire were
basically positioned in the quadrant which implies that we are less able to
execute on our plans and less innovative in our technology than everyone
else in the industry, including companies that are smaller with less money
than us and fewer customers as well as companies that haven't invented or
demonstrated any innovation in their entire corporate history.  If anyone
wants a picture of the InfoWorld
2004 Innovator award I have sitting on my desk here (that we got for
Sourcefire inventing our RNA product)  I can ship it over to show that we
are actually working on new stuff that is pretty cool (in my admittedly
biased opinion).

Before you call "sour grapes" on me, please be aware that given the
information Gartner had on Sourcefire at the time that they wrote this MQ
report this information was quite possibly relatively accurate in terms of
where they thought we were.  Basically they thought we were a niche player
because they thought Sourcefire was strictly an IDS company.  Unfortunately,
being a niche player didn't earn us a briefing before they went to press
with the MQ, so we ended up in loserland.  I probably didn't help "foster
mutual communication and understanding" by publicly calling bullshit on them
last year when they took their "IDS is dead" show on the road.  Bygones
people.  Now that they've seen and understand our RNA technology and how
we're integrating network context into our IDS processes as well as
providing all the cool policy enforcement stuff (as well as an IPS) they
know that we're a lot more than a one trick pony.

Now, Gartner just released one of their "Hype Cycle" reports a few weeks ago
that shows that Snort is in the "early mainstream" phase of acceptance and
on an even footing (in terms of acceptance of the
technology) with other well known open source technologies as Linux, OpenSSL
and Nessus.  It's pretty surreal that NAI is presenting Snort as a niche
player when we're getting roughly 15,000 downloads of Snort *per week* while
the NAI/Intruvert combo has several hundred sensors fielded after 18 months
of selling.

Who's the niche player?

NAI is confusing their positioning (i.e. marketing) with their position
(i.e. acceptance/deployment), they have an enterprise high performance
intrusion detection/prevention engine that is priced to match and still
relatively early in their product life cycle.  Snort is much more widely
deployed and accepted than they will ever be and quite frankly has become
the ruler by which most other IDS technologies seem to be measured (or, less
generously, the lowest common denominator of IDS functionality). :)

Anyway, don't mean to get on a rant here but this is what a psychologist
would call "projecting".  Look it up. :)

      -Marty


On Jun 29, 2004, at 11:27 AM, etienne.causse () pierre-fabre com wrote:

> I've seen a part of this report in a presentation made by Network 
> Associates to my boss. They were trying to sell to us their Intrusion 
> Protection System.
> I think it's not possible to know how many installations of Snort 
> exists in the companies, as it is not a commercial product, so 
> Gartner's figures are probably wrong.
>
> Anyways, i'm interested by any other comments about theses figures.
>
> Regards,
> Etienne.
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring roesch () sourcefire com -
http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users