New Name, Same OLD Approach
- Thursday, July 22, 2010, 7:46
- Threat Research
Recently Network World’s Ellen Messmer asked “Is open-source Snort dead?” With claims of a new and improved open-source IDS engine, OISF certainly hopes so. Of course Sourcefire, the keeper of Snort, vehemently disagrees.
While open-source projects are a great way to drive interest and innovation in almost any field, it will be interesting to see what unique developments come from the OISF project. It is notable that such an effort would be focused on a market as mature as the IDS/IPS marketplace, since open-source projects of this kind generally aim to drive primary innovation in their chosen field. Based on its leadership and the features in the initial release, the project appears to be focused on building a new and improved version of Snort. The network threat prevention industry, however, has moved beyond the assumptions that led to Snort’s early success.
Today, effective network threat protection depends on a fundamental understanding of the threat itself, not just pattern-matching detection against packet captures. For example, looking at a packet capture will never tell you that an attack is designed to morph every 24 hours. To understand the threat, you need an in-depth understanding of the code that is generating the attack. That means the fundamental research effort moves from looking at packets to capturing (continue reading...)