This was a busy week for me; I spent all week teaching (and all last week preparing) a private Network Security Operations class in California. I just flew back from LAX to Dulles this morning and I get on another plane tomorrow afternoon. I'm speaking in San Jose at a Cisco event, and then teaching a second private NSO class again next week.
I've been tracking all of the week's security news. Thank you to those who thought I may have missed something. I didn't want to commit any thoughts to the blog without taking some time to ponder various events. Obviously the biggest news of the week was Check Point's $225 million acquisition of Sourcefire.
In short, I didn't see that coming. I have doubts about the future of Snort being a free product, let alone open source. I don't see anyone making the case to the board of a publicly traded company that part of that company's work is going to be given away for free, especially after spending $225 million for it.
You may have seen how Check Point is treating users of the free version of ZoneAlarm, which was purchased by Check Point two years ago for $225 million. Sure, the basic ZoneAlarm firewall is still free, but Check Point will not provide a patch for a new security problem. Check Point claims the problem has low severity even though proof-of-concept code exists. To quote John LaCour, director of security services: "It is a theoretical attack that we don't see used in the real world." Great. That rationale has certainly stood the test of time (not).
However, I do not fault Sourcefire at all for being purchased. I never faulted them for the way they handled the new rules licensing, either. The amount of manpower and resources they devote to Snort is incredible, so I am happy to see them be rewarded. I am just not sure Check Point is the right fit, at least from where I stand. What are your thoughts?