Network intrusion prevention vendor Sourcefire and
Insecure.org, the makers of Nmap, are teaming up to integrate tools
and produce open source vulnerability scanning
software.
The two software vendors signed a license agreement to jointly
develop the software using the Nmap Scripting Engine embedded
within the Nmap network discovery tool. Under the terms of the
agreement, Insecure.org will develop the engine while the
Sourcefire researchers will develop and contribute plug-ins for
discovering specific vulnerabilities.
The new integrated features will allow the software to identify
real-time network changes using the Nmap capabilities to discover
specific vulnerability information for data that has been added or
changed.
The new engine technology will be available within the open source
Nmap Security Scanner as well as bundled
into the commercial Sourcefire 3D System. Sourcefire said that
the new tools could be combined with its RNA to provide new
active scanning capabilities for its customers. The new features
enable customers to coordinate passive network discovery with
active scanning for vulnerability detection.
At least one user of Sourcefire's open source Snort tool called
the licensing agreement positive. The relationship between the two
companies could open up a user group community devoted to making
vulnerability plug-ins, said Eric S. Nooden, manager of information
systems at Rockford, Ill.-based Rockford Gastroenterology
Associates.
"There is only so much that NMAP can scan for before you have to
take that information and research what vulnerability may exist
on that device," he said. "The positive side of adding
vulnerability detection is that it will take some of the required
research out of doing NMAP scans."
Sourcefire said the integrated tools could reduce scanning times
when conducting vulnerability assessments and are part of its
approach of using both passive and active assessment technologies
for risk assessment.
Sourcefire went public in March and recently revamped its
product offering into a strategy it calls Enterprise Threat
Management. The software vendor said that Snort, its open source
packet-sniffer, would remain the backbone of its new strategy,
which combines intrusion prevention, network behavior analysis,
network access control and vulnerability assessment.
The vendor also introduced a Master Defense Center, which is the
main interface for aggregating security and policy events from up to
ten appliances that can be deployed to view and prioritize events.
It also added Network Usage Control, a utility that allows
customers to set and enforce network user behavior policies.
The challenge for Sourcefire is to differentiate itself from
much larger vendors that sell intrusion prevention systems to
monitor environments for threats, said Charles Kolodgy, a research
director of secure content and threat management products at
Framingham, Mass.-based IDC, in a recent interview with
SearchSecurity.com. Juniper Networks, Cisco Systems, ISS (now part
of IBM Global Services) and TippingPoint Technologies (now a
division within 3Com) offer similar IPS tools, he said.
Sourcefire is also trying to leverage its RNA technology, which
monitors network behavior. That technology is dominated by much
smaller players, including Waltham, Mass.-based Q1 Labs Inc.,
Kolodgy said.
Nmap has released an
alpha version of the scripting engine with a
number of initial scripts. The commercial Sourcefire version is
expected to be embedded in the 3D System beginning in the first
quarter of 2008.