Battle joined for future of open source IPS

The battle to develop the next generation of open source intrusion prevention systems (IPS) technology is intensifying between incumbent Snort and a US government-backed project, the Open Information Security Foundation (OISF). Disagreements over technical issues such as the relative importance of developing IPS systems that …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Why not?

    Erm, why is the story in the top five box with a pic of the lovely Russian spyette, Anna Chapman?!

    1. J 3
      Joke

      Er...

      Story is so boring they had to find a way for people to click on it... And it worked.

    2. Marcus Aurelius
      Paris Hilton

      ..because

      With her being banned from the UK, this is as close as we're going to get

  2. David McMahon
    Heart

    Yes!!!

    A pic of the gorgeous Anna Chapman!

    I'm still loving being her guard she needs new cuffs, quite the animal!!!

  3. Anonymous Coward
    Paris Hilton

    Just what

    is the Amanda Chapman connection? I think we all deserve to know.

    (Sorry Paris, over familiarity breeds contempt)

  4. Reg Sim
    Thumb Up

    I presume

    the connection is security? US and high performance ;p

    Interesting topic, I would have missed it if it had been lower down ye auld list.

  5. Jean-Luc Silver badge
    Paris Hilton

    When do we get an Anna Chapman icon?

    'nuff said.

    Paris, cuz she would have masqueraded her MAC address for sure.

  6. Anonymous Coward
    Happy

    title, what title?

    Competition is a good thing, both products should benefit. And those of us that use these products will benefit the most.

    Fight it out boys, bare knuckles all the way!

  7. Anonymous Coward
    Stop

    Call me cynical but

    Sourcefire need to chill.

    (a) Suricata is barely off the drawing board

    (b) It is unlikely to come to fruition for a couple of years

    I suspect that Sourcefire are squealing because they stand to lose a ton of money in federal contracts if Suricata becomes the federal standard. But they need not worry too much, we've all seen this movie before. The federal government kickstarts adoption of a standard and the entrenched vendors squeal a lot, then realize that they need to play nice, since the Feds are a big customer, and then the market decisively dumps that standard in favor of the de facto market standard. OSI vs the IP stack, X.400/X.500 vs. SMTP and LDAP, IPv6 vs IPv4 spring to mind.

    I predict that Sourcefire will realize that they make more money by working with Suricata than against it, co-opt some of the ideas, and sell "Suricata-Snort" back to the Feds. (Everyone else in the commercial market will carry on buying 'standard Snort', and eventually the Feds will get the picture, abandon Suricata-Snort and everything will be rosy again.)

    An example of this behavior is when Microsoft realized that Exchange Server was unsaleable to the feds unless it could offer Defense Messaging System compliance, so they bolted on X.400 and X.500 support whilst standard Exchange moved rapidly to an LDAP/SMTP system. Eventually the feds abandoned X.400/500 and went to the standard product. Note that it was not a complete waste of time - a lot of the expertise MS picked up in X.500 made its way into Active Directory.

  8. CASIOMS-8V
    Thumb Down

    Anna Chapman ?

    Saw a picture of an alluring Russian spy and read an article about IPS.

    Left disappointed.

  9. Anonymous Coward

    In the whole world

    As a computer user with some experience, I have the impression that the world is stumbling when it comes to security and privacy, and I do not like it.

    I also think it is unfortunate that there appears to be no will to educate people on matters of security and privacy. When you install a web browser, there are afaik no guides that actually set out to teach you how certificates work, or how encryption works, or how the internet works. It is like nobody really cares for teaching others how things actually work.

    Wikileaks provided a shorter video of them explaining how to behave when submitting information, and I found that information interesting in how they actually seem to want to teach you something. Would be nice I think if Wikileaks could focus on teaching people about all there is to know about the internet with the various security and privacy issues.

  10. Antti Roppola

    Threads and performance - polishing the digestive byproduct?

    There's been a few high profile debates about whether threads are the answer. If the Snort folks consider a threaded solution as flawed from the outset, I can see why they'd see it as a fruitless diversion of effort.

  11. Anonymous Coward
    Black Helicopters

    I'm pretty sure sourcefire/snort knows what they're talking about.

    Amusing in that I'm currently interviewing with Sourcefire stateside. I never knew anything of their history, aside from what's on their website, or the attempted buyout from Checkpoint.

    Having toured the place I can say with full-confidence that the programmers are competent, skilled individuals. As Antti Roppola mentioned above, if they consider a multi-threaded solution as flawed from the outset, and considering that snort has IDS expertise stemming from the mid-90's and is the de-facto standard for IDS systems today, there should be no reason to question their expertise.

    There's not really a whole lot you can do to innovate or improve the performance of an IDS system other than: trim the ruleset to only check for relevant items (e.g. why bother doing IDS rule checks for Solaris workstations when your company is a windows-only shop), or provide better hardware. So their project roadmap is: INCREASE RULESETS, INCREASE HARDWARE BEEFINESS, FIX BUGS 30 GOTO 10. Proof is in the pudding that multi-threading isn't going to help if sourcefire's tests are any conclusion.

    Black Helicopters because it's obviously a conspiracy.

  12. Rob Dobs
    Pint

    Open Source fight = public win

    Two competing camps to provide open source solutions to the public... sounds like a win win scenario for the rest of us.

    Also, how relevant are ATM and Token Ring today?.....Sure they have their applications, but almost EVERYTHING I work with runs over copper UTP cables, with maybe MPLS/Fiber for backbone (which can run on ATM). I haven't even heard of a Token Ring implementation since the old Mae-East, Mae-West rings that were the core of the internet in the early 90's.

    It's humpday - have a pint!

  13. Anonymous Coward

    Good idea, Snort needs the competition

    Sounds like a good idea. Snort is more like a religion now than a technology. If you dare question its capabilities online, the Snort faithful will stampede to discredit you and argue away any point you made.

    However, I wonder about the companies involved. Why are Breach, a web application firewall company, and IOActive, a company that does not install, use or sell IPS solutions, involved in this? Seems to me that the group needs to get some companies who actually install, sell and use IDS/IPS technologies and not just some gadflies who want press.
