[Snort-sigs] [Emerging-Sigs] Cisco acquires Sourcefire ... should we be worried?

Kevin Ross kevross33 at ...3390...
Fri Sep 20 04:14:26 EDT 2013


Hi,

Just saw this today and thought it is an interesting follow up:
http://www.infosectoday.com/Articles/Big_Data_Heuristics.htm

This article certainly covers this aquisition from the point of view of
malware and big data which increases my belief that the primary reason for
the acquisition is FireAMP and not Snort. However; I would be very happy if
Snort started to be integrated into Cisco ASA firewalls and things :D What
I do find interesting though is Cisco originally acquired Cognitive
Security which I cannot find anymore and it seemed at the time that their
intention for this was basically the same thing; they wanted big data
visibility into malware.

Regards,
Kevin


On 13 September 2013 00:41, Kevin Ross <kevross33 at ...3390...> wrote:

> Yeah but with MARS it was pretty much an undeveloped product that didn't
> really adapt to new threats. Though they certainly put the advertising out
> there like in 24 https://www.youtube.com/watch?v=I3IeWw_vu9Q :)
>
> So MARs really was dying and Cisco let it happen but I don't really see
> Snort dying anytime soon and hopefully Cisco's acquisition will allow for
> integration into their products (I would much rather have Snort IPS running
> on ASA firewalls that the Cisco IPS software). Although for some reason I
> get the idea that Cisco's aquisition may have have more to do with FireAMP
> than Snort and Cisco trying to build up their threat intelligence
> capabilities like with they acquired the Prague based company Cognitive
> Security
> http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/cognitivesecurity.html
>
> Regards,
> Kevin
>
>
> On 23 July 2013 20:33, Joe Kraxner <joe at ...3829...> wrote:
>
>> Uh, they don't let them die? Ever heard of Protego Networks aka Cisco
>> MARS? ;)
>>
>> I agree, I'm a bit concerned with Snort as well.
>>
>> Sent from my Go-Go-Gadget Phone
>>
>> On Jul 23, 2013, at 11:58 AM, Bad Horse <b4dh0rs3 at ...2420...> wrote:
>>
>> What a crazy random happenstance! Today I see the news that Cisco is
>> acquiring Sourcefire (
>> http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/sourcefire.html).  I
>> know this will make the Sourcefire people a lot of money but honestly it
>> makes me concerned.
>>
>> My primary worries center around the the traditional open source position
>> of Snort and Sourcefire (although some have questioned the open source
>> attitude of Sourcefire at times and I don't necessarily agree with them nor
>> do I wish to bring up that argument here).  But what will happen to Snort?
>> Cisco is extremely adroit at acquiring companies and leveraging them to
>> push their company forward.  Progress via acquisition? Yes. But Cisco
>> doesn't let the companies they buy just die, they use them to enhance their
>> position in the marketplace.  So I say again, what will happen to Snort and
>> the open source roots it grew from?
>>
>> Obviously, Cisco will use Snort IDS in their products; Cisco currently
>> has an IDS offering which is weak and thus you have the Sourcefire buy.  So
>> now we can expect to see Snort as an integrated module in Cisco firewalls,
>> routers, and other networking equipment.
>>
>> But will Snort remain open source?  What will happen to the rulesets?
>> The mailing lists? Will the "community" that Joel has been trying to build
>> be put out to pasture?
>>
>> I have to be honest ... today I just approved a purchase order for some
>> major hardware that the team will be using to evaluate Suricata (
>> http://suricata-ids.org/) and some other open source IDS/IPS solutions
>> such as Bro (http://www.bro.org/).  I am also investigating ET Pro (
>> http://www.emergingthreats.net/) as a source for high quality rulesets
>> and scheduling some PoCs with high ranking managed security services (MSS)
>> providers.  With the news about Cisco, the future of Snort is uncertain and
>> I need to be prepared (or be prepared to pay Cisco prices in a year or two
>> when they implement Snort which I'd rather not do if there are viable open
>> source alternatives).
>>
>> I worry that Snort may become closed source in the near future and that
>> progress on the IDS engine will stall during the acquisition period.
>> Additionally, I fear that the vibrant Snort community will quickly dry up
>> if everything becomes closed source and you have to "pay to play".
>>
>> Are my fears unfounded?  Or is Snort just going to get better?  I'd love
>> to see a press release saying that Cisco is committed to keeping Snort open
>> source although with a purchase price of $2.7B USD I'm not sure how much
>> Sourcefire cares right now since they are lounging on all that cash :)
>>
>> -B4d H0rs3
>>  The Thoroughbred of SYN
>>
>> ------------------------------------------------------------------------------
>> See everything from the browser to the database with AppDynamics
>> Get end-to-end visibility with application monitoring from AppDynamics
>> Isolate bottlenecks and diagnose root cause in seconds.
>> Start your free trial of AppDynamics Pro today!
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Snort-sigs mailing list
>> Snort-sigs at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>> http://www.snort.org
>>
>>
>> Please visit http://blog.snort.org for the latest news about Snort!
>>
>> _______________________________________________
>> Emerging-sigs mailing list
>> Emerging-sigs at ...3694...
>> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>>
>> Support Emerging Threats! Subscribe to Emerging Threats Pro
>> http://www.emergingthreats.net
>> The ONLY place to get complete premium rulesets for all versions of
>> Suricata and Snort 2.4.0 through Current!
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20130920/695c66fa/attachment.html>


More information about the Snort-sigs mailing list