Slashdot Mirror


CheckPoint Acquires Snort

bobdehnhardt writes "The Snort-announce list was burning with the news that CheckPoint has signed an agreement to acquire Sourcefire, the commercial arm of the Snort community. As part of the agreement, CheckPoint will "continue to develop and distribute Snort under the GPL, improve and document the program to stay on the cutting edge and expand the snort.org web site." Here is a message from Snort creator Marty Roesch."

  1. SnortFIRST by Anonymous Coward · · Score: 1, Interesting

    best.Tool.Ever.

    Hope this does not compromise the GPL nature of this fantastic project.

  2. Loopholes by diogenesx · · Score: 2, Interesting

    Even with such language, does that stop them from forking the sources and creating a new closed source program with a new name?

    1. Re:Loopholes by sgml4kids · · Score: 2, Interesting

      Nor does anything stop them from directing ongoing snort development to being a "tier B" solution (intentionally degrading the effectiveness or performance of snort) relative to their proprietary "tier A" solutions. Lots of companies do this -- they sell the same product: fully enabled at a premium price, and partially disabled at a lower price. Many companies manufacture the generic non-brand products "competing" with their own brands (e.g. drug companies). If two products compete with each other, it's a bonus if you own both of them.

      It may be a smart business move and the shareholders/owners of Checkpoint(TM) probably expect them to do whatever is necessary to maximize profits.

      Two thumbs down for this move.

  3. makes sense by spurious+cowherd · · Score: 3, Interesting
    "We believe Sourcefire has world-class solutions for internal security through their Intrusion Sensor, Real-time Network Awareness (RNA), and Defense Center product lines."

    Checkpoint needs this type of network awareness technology to keep up with Cisco.
    I know they lost my company's contract because the network admins like the way Cisco stuff integrates.

    I'll start by stating again what I've stated in the past, Snort is now and will continue to be free to end-users. We will continue to develop and distribute the Snort engine under the GPL, improve and document the program to stay on the cutting edge and expand the snort.org web site. The community continues, as always, to be important to us as a group of people who use the code pervasively throughout the entire Internet, report on problems and make suggestions and contributions to the project.

    This is critical to me for many reasons. It's good to see. Marty is a man of integrity & I'll bet this is in the acquisition contract.

    Check Point to acquire privately held Sourcefire for a total consideration of approximately $225 million.

    Who says you can't make money from FOSS?
    Marty deserves the fiduciary rewards he'll get for all his hard work over the years

    --

    Time flies like an arrow, fruit flies like a banana.

  4. Re:while snort is a fine piece of software ... by j_kenpo · · Score: 2, Interesting

    Which is why you run Snort with full packet logging mode in addition to alert mode. This way, if an alert is missed, you can still see all packets sent in an attack and build an alert from that. Just make sure you have enough storage space.

  5. Umm by temojen · · Score: 2, Interesting
    Since most attacks are based on known techniques, it can detect a lot of new attacks, such as anything that includes:
    (lots of nulls)

    const char * what = "/bin/sh";

    where: push what;
    push EXEC;
    call syscall;

    (some junk)
    &where
    On a whole lot of architectures, regardless of port. Which means it catches just about any stack-smashing attack that's not SSL encapsulated, regardless of service and whether it's known.
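
The port-independent matching described in the comment above can be sketched as follows. This is an added example, not Snort's code and not part of the original post; the thresholds, function names and sample payloads are assumptions, and it generalises "lots of nulls" to any long run of one repeated byte.

```python
import re

MIN_FILLER_RUN = 32    # assumed threshold: identical bytes in a row
MIN_WORD_REPEATS = 4   # assumed threshold: same 4-byte word back to back

FILLER_RE = re.compile(rb"(.)\1{%d,}" % (MIN_FILLER_RUN - 1), re.DOTALL)
WORD_RE = re.compile(rb"(.{4})\1{%d,}" % (MIN_WORD_REPEATS - 1), re.DOTALL)
SHELL_STRINGS = (b"/bin/sh", b"/bin/bash")


def scan_payload(payload: bytes) -> list:
    """Return the generic indicators present, whatever the port or service."""
    hits = []
    if FILLER_RE.search(payload):
        hits.append("filler-run")
    if any(s in payload for s in SHELL_STRINGS):
        hits.append("shell-string")
    # A repeated non-uniform 4-byte word resembles a repeated return address;
    # uniform words are skipped because the filler check already covers them.
    if any(len(set(m.group(1))) > 1 for m in WORD_RE.finditer(payload)):
        hits.append("repeated-word")
    return hits


def is_suspicious(payload: bytes) -> bool:
    """Alert only when a shell path appears with a structural indicator,
    so a plain shell script or a zero-padded file does not fire alone."""
    hits = scan_payload(payload)
    return "shell-string" in hits and len(hits) >= 2


# Constructed, inert sample payloads (no executable code in any of them).
SAMPLES = {
    "overflow-shaped": b"USER " + b"\x00" * 64 + b"/bin/sh" + b"junk"
                       + b"\x78\x56\x34\x12" * 8,
    "shell-script": b"#!/bin/sh\necho hello\n",
    "zero-padding": b"\x00" * 100,
    "http-request": b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:16} {scan_payload(data)} alert={is_suspicious(data)}")
```

The matching runs on cleartext bytes only, which is the same limit the comment gives for SSL-encapsulated traffic.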
  6. Re:In other news by Anonymous Coward · · Score: 1, Interesting

    Who are these companies?

    Note to non-technical people: either STFU or stay the f*** off of /. Frankly, if you don't know who CheckPoint is, half of the stuff here has to be over your head, anyway.

    Can't we have some type of "technical abilities" test, so we can adjust a post's initial score, based on the result? Of course, we'd never see AC posts, but still - it's sad that someone had to use mod points on this.

  7. What happens with the rule set development? by waldonova · · Score: 2, Interesting

    I have snort running with BASE, for a nice NID management setup. Without the rules, not much will happen.
    There are currently three levels of access to rules, as seen at http://www.snort.org/rules/

    1. Anyone can get the rule set that is released with the latest version.
    2. People who pay the big bucks ($1,795/year) can get updated rule sets as soon as they are released.
    3. A third level sits in the middle; where if you register with Sourcefire you can get the updated rules five days after they are released to the premium members.

    Martin, I am sure that "Check Point is very excited about continuing Sourcefire's involvement with the open source community!". I hope that doesn't mean that they are excited about getting fees for any and all rules from the open source community.