Network intrusion prevention vendor Sourcefire and Insecure.org, the makers of Nmap, are teaming up to integrate tools and produce open source vulnerability scanning software.
The two software vendors signed a license agreement to jointly develop the software using the Nmap Scripting Engine embedded within the Nmap network discovery tool. Under the terms of the agreement, Insecure.org will develop the engine while the Sourcefire researchers will develop and contribute plug-ins for discovering specific vulnerabilities.
The new integrated features will allow the software to identify real-time network changes using the Nmap capabilities to discover specific vulnerability information for data that has been added or changed.
The new engine technology will be available within the open source Nmap Security Scanner as well as bundled into the commercial Sourcefire 3D System. Sourcefire said that the new tools could be combined with its RNA to provide new active scanning capabilities for its customers. The new features enable customers to coordinate passive network discovery with active scanning for vulnerability detection.
At least one user of Sourcefire's open source Snort tool called the licensing agreement positive. The relationship between the two companies could open up a user group community devoted to making vulnerability plug-ins, said Eric S. Nooden, manager of information systems at Rockford, Il.-based Rockford Gastroenterology Associates.
"There is only so much that NMAP can scan for before you have to take that information and research what is vulnerability may exist on that device," he said. "The positive side of adding vulnerability detection is that it will take some of the required research out of doing NMAP scans."
Sourcefire said the integrated tools could reduce scanning times when conducting vulnerability assessments and is part of its approach of using both passive and active assessment technologies for risk assessment.
Sourcefire went public in March and recently revamped its product offering into a strategy it calls Enterprise Threat Management. The software vendor said that Snort, its open source packet-sniffer, would remain the backbone of its new strategy, which combines intrusion prevention, network behavior analysis and network access control and vulnerability assessment.
The vendor also introduced a Master Defense Center, which is the main interface to aggregating security and policy events from up to ten appliances that can be deployed to view and prioritize events. It also added Network Usage Control, a utility that allows customers to set and enforce network user behavior policies.
The challenge for Sourcefire is to differentiate itself from much larger vendors that sell intrusion prevention systems to monitor environments for threats, said Charles Kolodgy, a research director of secure content and threat management products at Framingham, Mass-based IDC in a recent interview with SearchSecurity.com. Juniper Networks, Cisco Systems, ISS (now part of IBM Global Services and TippingPoint Technologies (now a division within 3Com) offer similar IPS tools, he said.
Sourcefire is also trying to leverage its RNA technology, which monitors network behavior. That technology is dominated by much smaller players, including Waltham, Mass.-based Q1 Labs Inc., Kolodgy said.
Nmap has released an alpha version of the scripting engine with a number of initial scripts. The commercial Sourcefire version is expected to be embedded in the 3D System beginning in the first quarter of 2008.