[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-sigs
Subject: Re: [Snort-sigs] Cisco acquires Sourcefire ... should we be worried?
From: Joe Kraxner <joe () kraxner ! net>
Date: 2013-07-23 19:33:39
Message-ID: 4287859492345007530 () unknownmsgid
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Uh, they don't let them die? Ever heard of Protego Networks aka Cisco MARS?
;)
I agree, I'm a bit concerned with Snort as well.
Sent from my Go-Go-Gadget Phone
On Jul 23, 2013, at 11:58 AM, Bad Horse <b4dh0rs3@gmail.com> wrote:
What a crazy random happenstance! Today I see the news that Cisco is
acquiring Sourcefire (
http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/sourcefire.html). I know
this will make the Sourcefire people a lot of money but honestly it makes
me concerned.
My primary worries center around the the traditional open source position
of Snort and Sourcefire (although some have questioned the open source
attitude of Sourcefire at times and I don't necessarily agree with them nor
do I wish to bring up that argument here). But what will happen to Snort?
Cisco is extremely adroit at acquiring companies and leveraging them to
push their company forward. Progress via acquisition? Yes. But Cisco
doesn't let the companies they buy just die, they use them to enhance their
position in the marketplace. So I say again, what will happen to Snort and
the open source roots it grew from?
Obviously, Cisco will use Snort IDS in their products; Cisco currently has
an IDS offering which is weak and thus you have the Sourcefire buy. So now
we can expect to see Snort as an integrated module in Cisco firewalls,
routers, and other networking equipment.
But will Snort remain open source? What will happen to the rulesets? The
mailing lists? Will the "community" that Joel has been trying to build be
put out to pasture?
I have to be honest ... today I just approved a purchase order for some
major hardware that the team will be using to evaluate Suricata (
http://suricata-ids.org/) and some other open source IDS/IPS solutions such
as Bro (http://www.bro.org/). I am also investigating ET Pro (
http://www.emergingthreats.net/) as a source for high quality rulesets and
scheduling some PoCs with high ranking managed security services (MSS)
providers. With the news about Cisco, the future of Snort is uncertain and
I need to be prepared (or be prepared to pay Cisco prices in a year or two
when they implement Snort which I'd rather not do if there are viable open
source alternatives).
I worry that Snort may become closed source in the near future and that
progress on the IDS engine will stall during the acquisition period.
Additionally, I fear that the vibrant Snort community will quickly dry up
if everything becomes closed source and you have to "pay to play".
Are my fears unfounded? Or is Snort just going to get better? I'd love to
see a press release saying that Cisco is committed to keeping Snort open
source although with a purchase price of $2.7B USD I'm not sure how much
Sourcefire cares right now since they are lounging on all that cash :)
-B4d H0rs3
The Thoroughbred of SYN
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!
[Attachment #5 (text/html)]
<html><head><meta http-equiv="content-type" content="text/html; \
charset=utf-8"></head><body dir="auto"><div>Uh, they don't let them die? Ever \
heard of Protego Networks aka Cisco MARS? ;)</div><div><br></div><div>I agree, \
I'm a bit concerned with Snort as well.<br> <br>Sent from my Go-Go-Gadget \
Phone</div><div><br>On Jul 23, 2013, at 11:58 AM, Bad Horse <<a \
href="mailto:b4dh0rs3@gmail.com">b4dh0rs3@gmail.com</a>> \
wrote:<br><br></div><div>What a crazy random happenstance! Today I see the news that \
Cisco is acquiring Sourcefire (<a \
href="http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/sourcefire.html">http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/sourcefire.html</a>). \
I know this will make the Sourcefire people a lot of money but honestly it makes me \
concerned.<br>
<br>My primary worries center around the the traditional open source position of \
Snort and Sourcefire (although some have questioned the open source attitude of \
Sourcefire at times and I don't necessarily agree with them nor do I wish to \
bring up that argument here). But what will happen to Snort? Cisco is extremely \
adroit at acquiring companies and leveraging them to push their company forward. \
Progress via acquisition? Yes. But Cisco doesn't let the companies they buy just \
die, they use them to enhance their position in the marketplace. So I say again, \
what will happen to Snort and the open source roots it grew from?<br>
<br>Obviously, Cisco will use Snort IDS in their products; Cisco currently has an IDS \
offering which is weak and thus you have the Sourcefire buy. So now we can expect to \
see Snort as an integrated module in Cisco firewalls, routers, and other networking \
equipment.<br>
<br>But will Snort remain open source? What will happen to the rulesets? The \
mailing lists? Will the "community" that Joel has been trying to build be \
put out to pasture?<br><br>I have to be honest ... today I just approved a purchase \
order for some major hardware that the team will be using to evaluate Suricata (<a \
href="http://suricata-ids.org/">http://suricata-ids.org/</a>) and some other open \
source IDS/IPS solutions such as Bro (<a \
href="http://www.bro.org/">http://www.bro.org/</a>). I am also investigating ET Pro \
(<a href="http://www.emergingthreats.net/">http://www.emergingthreats.net/</a>) as a \
source for high quality rulesets and scheduling some PoCs with high ranking managed \
security services (MSS) providers. With the news about Cisco, the future of Snort is \
uncertain and I need to be prepared (or be prepared to pay Cisco prices in a year or \
two when they implement Snort which I'd rather not do if there are viable open \
source alternatives).<br>
<br>I worry that Snort may become closed source in the near future and that progress \
on the IDS engine will stall during the acquisition period. Additionally, I fear \
that the vibrant Snort community will quickly dry up if everything becomes closed \
source and you have to "pay to play".<br>
<br>Are my fears unfounded? Or is Snort just going to get better? I'd love to \
see a press release saying that Cisco is committed to keeping Snort open source \
although with a purchase price of $2.7B USD I'm not sure how much Sourcefire \
cares right now since they are lounging on all that cash :)<br>
<br>-B4d H0rs3<br> The Thoroughbred of SYN<br>
</div><div><span>------------------------------------------------------------------------------</span><br><span>See \
everything from the browser to the database with AppDynamics</span><br><span>Get \
end-to-end visibility with application monitoring from AppDynamics</span><br> \
<span>Isolate bottlenecks and diagnose root cause in seconds.</span><br><span>Start \
your free trial of AppDynamics Pro today!</span><br><span><a \
href="http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk" \
>http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk</a></span></div>
>
<div><span>_______________________________________________</span><br><span>Snort-sigs \
mailing list</span><br><span><a \
href="mailto:Snort-sigs@lists.sourceforge.net">Snort-sigs@lists.sourceforge.net</a></span><br><span><a \
href="https://lists.sourceforge.net/lists/listinfo/snort-sigs">https://lists.sourceforge.net/lists/listinfo/snort-sigs</a></span><br>
<span><a href="http://www.snort.org">http://www.snort.org</a></span><br><span></span><br><span></span><br><span>Please \
visit <a href="http://blog.snort.org">http://blog.snort.org</a> for the latest news \
about Snort!</span></div> </body></html>
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic