[Snort-sigs] [Emerging-Sigs] Cisco acquires Sourcefire ... should we be worried?

Kevin Ross kevross33 at ...3390...
Thu Sep 12 19:41:54 EDT 2013

Yeah but with MARS it was pretty much an undeveloped product that didn't
really adapt to new threats. Though they certainly put the advertising out
there like in 24 https://www.youtube.com/watch?v=I3IeWw_vu9Q :)

So MARs really was dying and Cisco let it happen but I don't really see
Snort dying anytime soon and hopefully Cisco's acquisition will allow for
integration into their products (I would much rather have Snort IPS running
on ASA firewalls that the Cisco IPS software). Although for some reason I
get the idea that Cisco's aquisition may have have more to do with FireAMP
than Snort and Cisco trying to build up their threat intelligence
capabilities like with they acquired the Prague based company Cognitive


On 23 July 2013 20:33, Joe Kraxner <joe at ...3829...> wrote:

> Uh, they don't let them die? Ever heard of Protego Networks aka Cisco
> MARS? ;)
> I agree, I'm a bit concerned with Snort as well.
> Sent from my Go-Go-Gadget Phone
> On Jul 23, 2013, at 11:58 AM, Bad Horse <b4dh0rs3 at ...2420...> wrote:
> What a crazy random happenstance! Today I see the news that Cisco is
> acquiring Sourcefire (
> http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/sourcefire.html).  I
> know this will make the Sourcefire people a lot of money but honestly it
> makes me concerned.
> My primary worries center around the the traditional open source position
> of Snort and Sourcefire (although some have questioned the open source
> attitude of Sourcefire at times and I don't necessarily agree with them nor
> do I wish to bring up that argument here).  But what will happen to Snort?
> Cisco is extremely adroit at acquiring companies and leveraging them to
> push their company forward.  Progress via acquisition? Yes. But Cisco
> doesn't let the companies they buy just die, they use them to enhance their
> position in the marketplace.  So I say again, what will happen to Snort and
> the open source roots it grew from?
> Obviously, Cisco will use Snort IDS in their products; Cisco currently has
> an IDS offering which is weak and thus you have the Sourcefire buy.  So now
> we can expect to see Snort as an integrated module in Cisco firewalls,
> routers, and other networking equipment.
> But will Snort remain open source?  What will happen to the rulesets?  The
> mailing lists? Will the "community" that Joel has been trying to build be
> put out to pasture?
> I have to be honest ... today I just approved a purchase order for some
> major hardware that the team will be using to evaluate Suricata (
> http://suricata-ids.org/) and some other open source IDS/IPS solutions
> such as Bro (http://www.bro.org/).  I am also investigating ET Pro (
> http://www.emergingthreats.net/) as a source for high quality rulesets
> and scheduling some PoCs with high ranking managed security services (MSS)
> providers.  With the news about Cisco, the future of Snort is uncertain and
> I need to be prepared (or be prepared to pay Cisco prices in a year or two
> when they implement Snort which I'd rather not do if there are viable open
> source alternatives).
> I worry that Snort may become closed source in the near future and that
> progress on the IDS engine will stall during the acquisition period.
> Additionally, I fear that the vibrant Snort community will quickly dry up
> if everything becomes closed source and you have to "pay to play".
> Are my fears unfounded?  Or is Snort just going to get better?  I'd love
> to see a press release saying that Cisco is committed to keeping Snort open
> source although with a purchase price of $2.7B USD I'm not sure how much
> Sourcefire cares right now since they are lounging on all that cash :)
> -B4d H0rs3
>  The Thoroughbred of SYN
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
> Please visit http://blog.snort.org for the latest news about Snort!
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at ...3694...
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
> The ONLY place to get complete premium rulesets for all versions of
> Suricata and Snort 2.4.0 through Current!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20130913/a48fc0e7/attachment.html>

More information about the Snort-sigs mailing list