Posted by: maxsteel
Agile Security, Snort, Sourcefire
Since going public in 2007, network security company Sourcefire Inc., the home of the open source Snort intrusion detection and prevention system, has been busy expanding the breadth of its offerings – and has done so primarily via acquisition. Strategically, it’s a smart move to branch out beyond IDS and into endpoint (ClamAV) and cloud-based protection (Immunet), but the company has admittedly struggled with its identity because of Snort’s tremendous brand.
Today, the company launched a new campaign promoting what it’s calling Agile Security, designed to put front and center for the market and customers the message that Sourcefire is deeper than just Snort. The company, founded by Marty Roesch, wants to position its products as a counter to today’s dynamic attacks.
“Traditional security is static; set-it-and-forget-it security doesn’t help,” said Sourcefire senior VP of marketing Marc Solomon. “Our research shows that 75% of the malware we see on customer environments is seen once. These are polymorphic viruses taking on an average lifespan of less than a day. You can’t throw bodies at it, because you can’t keep up. Attackers are winning.”
Sourcefire says the solution is a mix of automation and intelligence on threats that is applied to enterprise networks to set and enforce policies, and ultimately block rather than alert on attacks if the company so chooses.
“Sourcefire has had trouble articulating its vision; ‘We’re the inventor of Snort.’ That was their tagline. That’s no way to build an enterprise security company,” said Richard Stiennon, founder of IT-Harvest, an analyst firm. Stiennon said Sourcefire’s edge is its context-aware offerings via its RNA product and the attack intelligence gained from its cloud-based Immunet initiative, Collective Immunity, and from the Sourcefire Vulnerability Research Team.
Solomon diagrammed the Agile Security vision in four steps: See, Learn, Adapt and Act. Via RNA, which is being re-branded FireSIGHT, customers will be able to watch network traffic for anomalies as it moves over endpoints, different operating systems, and the network. Networks may then adapt to threats and create rules to either alert or block attacks; an upcoming next-generation firewall is at the heart of this phase of the vision, Solomon said. This automation will enable enterprises to act on intelligence in real time, Solomon said.