Firewall Wizards mailing list archives
Re: Proxies, opensource and the general market: what's wrong with us?
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Mon, 25 Apr 2011 20:29:56 -0400
Anton Chuvakin wrote:
In ArkanoiD's insightful rant, I am hearing "open source security tools are dead." Is that really so? I doubt it - and here is why: I think a lot of use cases for OSS sec tools are being dismissed by the rant author as "cheapo crap." In reality, "cheapo crap" means "used by everybody else but F1000"
The problem is that's where the money is. And PCI and other audit standards are going to exacerbate the problem. The market has shifted away from do-it-yourself to checkbox security in a big way, and that means that the OSS products pretty much are left to appeal to the customer who has no money, i.e., is not interesting to the vendors. I agree with you that it's not necessarily "crap" but OSS generally means "free" which also means that one or two OSS solutions suck all the oxygen out of the bottom of the market - while the commercial offerings dominate the middle and the top. If you get into a feature war with a commercial product that has 20 engineers working on it, full-time, you are not going to win if you're a typical OSS project.

That is especially the case with firewalls. It's one thing to write a bunch of software that's going to run in *BSD or whatever, but the commercial competition is using Cavium processors on custom mother-boards with crypto accelerators and regex in silicon. To play where the commercial bandwidth is, you need a couple million bucks - at a minimum - just to tool up enough to start developing a product, let alone bring it to market.

Back in the day, customers always tortured me about bandwidth through the firewall - even though, at that time, nobody actually knew what they were pushing; they just needed a promise that it was faster than it could possibly be. OSS by its nature appeals to people that won't just believe a sales brochure that says "it'll handle 20 jillion wossnames/sec!" but the commercial market is now acclimated to exactly that. It's a cultural divide that's only deepening and will get much deeper still in the coming years.

Where I still have some hope is the "advanced persistent threats yadda yadda" is slowly cluing people in to the fact that you CANNOT escape without knowing what's going on in your network. Looking for command and control is the next IDS and antivirus signatures everywhere game but the survivors are already looking at how to parse their networks apart, logically, to improve analysis of traffic and to figure out how to leverage configuration management and change detection to identify machines that are infected. There won't BE a one size fits all technology for that (though many things will be sold as exactly that) because it's got to be specific to your network, and - at its core - knowledge based on facts you know about how your network should behave. In other words a move away from "misbehavioral" based anomaly detection toward "goodbehavioral" based analysis.

There will be a market for building tools for such purposes but, again, they'll have to handle skull-popping amounts of data at really high speeds. I don't see OSS working in that space unless someone makes an OSS network processor-based applications framework that includes hardware. No vendor will do that because they don't care about some OSS project; they want to sell to Cisco or Palo Alto or whoever.

The short form of all that is that I think the security market has matured, financially, if not technologically. The do-it-yourselfers are fewer and fewer and I guess we're kind of like steampunks: longing for technology of yesteryear where we forget today how much we hated it then.

mjr.
--
Marcus J. Ranum
CSO, Tenable Network Security, Inc.
http://www.tenable.com