Sguil Project Acquired by Cisco

Three years ago, when I posted Cisco Routers Run Tcl, I had no idea where that development could run. Last month when I posted Sguil 0.7.0 Released, I wanted to say more about the release, but I couldn't -- until now. I am happy to report the following.

Cisco Announces Agreement to Acquire Sguil™ Open Source Security Monitoring Project

Acquisition Furthers Cisco’s Vision for Integrated Security Products

SAN JOSE, Calif., and LONGMONT, Color., April 1st, 2008 – Cisco and the Sguil™ project today announced an agreement for Cisco to acquire the Sguil™ project, a leading Open Source network security solution. With hundreds of installations world-wide, Sguil™ is the de facto reference implementation for the Network Security Monitoring (NSM) model. Sguil™-based NSM will enable Cisco’s customer base to more efficiently collect and analyze security-related information as it traverses their enterprise networks. This acquisition will help Cisco to cement its reputation as a leader in the Open Source movement while at the same time furthering its long-held vision of integrating security into the network infrastructure.

Under terms of the transaction, Cisco has acquired the Sguil™ project and related trademarks, as well as the copyrights held by the five principal members of the Sguil™ team, including project founder Robert "Bamm" Visscher. Cisco will assume control of the open source Sguil™ project including the Sguil.net domain, web site and web site content and the Sguil™ Sourceforge project page. In addition, the Sguil™ team will remain dedicated to the project as Cisco employees, continuing their management of the project on a day-to-day basis.

To date, Sguil™ has been developed primarily in the Tcl scripting language, support for which is already present inside many of Cisco’s routers and switches. The new product, to be known as “Cisco Embedded Monitoring Solution (CEMS)”, will be made available first in Cisco’s carrier-grade products in 3Q08, with support being phased into the rest of the Cisco product line by 4Q09. Linksys-branded devices will follow thereafter, though the exact deployment schedule has yet to be announced.

“We’re extremely pleased to announce this deal,” said Cisco’s Chief Security Product Manager Cletus F. Simmons. “For some time, our customers have told us that our existing security monitoring products did not extend far enough into their network infrastructure layer. Not only was it sometimes difficult to intercept and monitor the traffic, but there were often political problems at the customer site with deploying our Intrusion Detection Systems, as management had heard several years ago that they were ‘dead’. Now, with Sguil™ integrated into all their network devices, they’ll have no choice!”

Although the financial details of the agreement have not been announced, Sguil™ developer Robert Visscher will become the new VP of Cisco Rapid Analysis Products for Security. “This deal means a lot to the Sguil™ project and to me personally,” Visscher explains. “Previously, we had to be content with simply being the best technical solution to enable intrusion analysts to collect and analyze large amounts of data in an extraordinarily efficient manner. But now, we’ll have the additional advantage of the world’s largest manufacturer of networking gear shoving it down their customers’ throats! We will no longer have to concern ourselves with mere technical excellence. Instead, I can worry more about which tropical island to visit next, and which flavor daiquiri to order. You know, the important things.”

About Cisco Systems

Cisco, (NASDAQ: CSCO), is the worldwide leader in networking that transforms how people connect, communicate and collaborate. Information about Cisco can be found at http://www.cisco.com. For ongoing news, please go to http://newsroom.cisco.com.

About Sguil™

Sguil™ is the leading Network Security Monitoring (NSM) framework. It is built for network security analysts by network security analysts. Sguil’s main component is an intuitive GUI that provides access to a wide variety of security related information, including real-time IDS alerts, network session database and full packet captures. Sguil™ was written by Robert “Bamm” Visscher, who was apparently too cheap to buy a book on Java or C.


I can't wait to see how well Sguil performs on Cisco routers. Stay tuned!

Comments

Anonymous said…
Congratulations to you guys. It's great to see that all the hard work has paid off.

I want to see a future post that highlights the configuration of Bamm's new tropical villa, with a CEMS in every switch closet.
yoshi said…
I've worked with Sguil on and off for years but never moved it into a production capacity due to stability issues. And honestly I don't think being acquired by Cisco is a positive move due to their history of poor integration between products that they acquire. Although they have improved a little bit lately. But whatever.
Anonymous said…
Er, uh, ahem.

Happy April 1st.
yoshi said…
Yes - that occurred to me 3 seconds after I hit post. Although the sad part is this move seemed completely plausible.
Anonymous said…
Not just plausible, but how many of us would give our eye teeth to have this functionality embedded right into our routers!
Anonymous said…
SGUIL LANDS ON MARS! No intelligent life found!

Happy April 1st.
Anonymous said…
It's only fair. Since Microsoft acquired everyone's wallets, Cisco should get the rest. :)

Excellent post Richard.
bamm said…
Sguil™ was written by Robert “Bamm” Visscher, who was apparently too cheap to buy a book on Java or C.

It's April 1st and no truer words have ever been written. :)

Bammkkkk
VP of CRAP for Security
Joe said…
Oh man. I never thought Richard would join the ranks of the April Fools. I wish I could have this day off. I can't get anything done today due to the sheer amount of pranks online and in the workplace.
Anonymous said…
Out of curiosity.... how does reading blogs qualify as "getting anything done"?
Anonymous said…
I almost downloaded the current Sguil source immediately due to a fear that Cisco would jack it up in 2 days.

Nice April fools, on the level of the Alien invasion radio story of the 50's.
Anonymous said…
>> The new product, to be known as “Cisco Embedded Monitoring Solution (CEMS)” >>

ROTFL !
Anonymous said…
Ahahaha good one. I actually swear to myself because it seems like any product Cisco acquires turns into garbage.
Anonymous said…
See, this crap isn't funny when due to living in a different timezone you read it on April 2.
Anonymous said…
I was taking it seriously until the end in Visscher's comments: “Previously, we had to be content with simply being the best technical solution to enable intrusion analysts to collect and analyze large amounts of data in an extraordinarily efficient manner. But now, we’ll have the additional advantage of the world’s largest manufacturer of networking gear shoving it down their customers’ throats! We will no longer have to concern ourselves with mere technical excellence. Instead, I can worry more about which tropical island to visit next, and which flavor daiquiri to order. You know, the important things.”

That struck me as fishy....
Anonymous said…
That was scary
