Is open source Snort dead? Depends who you ask

By , Network World |  Security, IDS, snort

Is Snort, the 12-year-old open-source intrusion detection and prevention system, dead?

The Open Information Security Foundation (OISF), a nonprofit group funded by the U.S. Dept. of Homeland Security (DHS) to come up with next-generation open source IDS/IPS, thinks so. But Snort's creator, Martin Roesch, begs to differ, and in fact, calls the OISF's first open source IDS/IPS code, Suricata 1.0 released this week, a cheap knock-off of Snort paid for with taxpayer dollars.

The OISF was founded about a year and a half ago with $1 million in funding from a DHS cybersecurity research program, according to Matt Jonkman, president of OISF. He says OISF was founded to form an open source alternative and replacement to Snort, which he says is now considered dead since the research on what is supposed to be the next-generation version of Snort, Snort 3.0, has stalled.

"Snort is not conducive to IPv6 nor to multi-threading," Jonkman says, adding, "And Snort 3.0 has been scrapped."

According to Jonkman, OISF's first open source release Suricata 1.0 is superior to Snort in a number of ways, including how it can inspect network packets using a multi-threading technology to inspect more than one packet at a time, which he claims improves the chances of detecting attack traffic. Suricata is also said to support IP reputation to be able to flag traffic from "nefarious origins" as well as automated protocol detection to automatically identify the protocol used in a network stream.OISF now includes nine consortium members, Kerio, Bivio, NitroSecurity and Breach Security Labs along with a number of other individual code contributors, including Ivan Ristic.

The Suricata open source code is available for free by users and vendors, according to Jonkman, although OISF is asking for fees when Suricata code is changed to accommodate a specific use. "Some vendors want to make changes to make it work really well," Jonkman says, adding this usage of Suricata would lead to a different commercial licensing structure.

Suricata is being positioned as a replacement for a presumably dying Snort. Snort was originally created 12 years ago by Roesch,CTO of http://www.sourcefire.com/company/exec/ ">Sourcefire, which he founded in 2001 to commercialize Snort, while also keeping the Snort code base open source.

While Sourcefire had done modestly well, Snort open source has endured and thrived with spectacular success, today having about 300,000 registered users, and nearly 100 vendors that integrate Snort into their own security products.


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question