Andrew Hay

As we detailed in our April long-format report The Cyber-Security Playbook, the greater intrusion sector is composed of two iterations of intrusion-detection system (IDS) technology, built with two distinct threat paths in mind – the network and the host – referred to as network intrusion detection systems (NIDS) and host intrusion detection systems (HIDS), respectively.

IDS technologies have been around since the early 1980s, and were invented to detect anomalous behavior and misuse from a network-centric perspective. These software applications were traditionally deployed to detect external network-traversing threats in a similar fashion to the way airborne warning and control systems and radar arrays were leveraged to provide early warning of conventional military attacks. IDS technologies were born out of a need to provide the same early-warning indicators as traditional defensive technologies, but spread atop a relatively new and somewhat indefensible technological battlefield.

When most people speak of 'open source intrusion detection,' however, they immediately think of the venerable Snort IDS project. What most don't know is that there are several other projects in active development that provide much of the same functionality – and some with even greater features.

(Read the full report here - subscription required)

Open source software provides several advantages that can, and should, be leveraged by enterprise security vendors to extend or complement current capabilities, add new features, and perhaps even open new doors in the existing customer base or for prospective customers. As a former engineering manager (and later product and program manager) responsible for driving third-party integration at a security software startup, I have had lots of experience in auditing customer requirements and leading the integration of open source software technologies into a core product. Through my experience, I've learned that even if the inclusion of open source software isn't something that a vendor is currently considering, simply having the option to integrate said capabilities in the future may be an attractive draw. Also, if the vendor does choose to fold open source security technology into the product, the resulting capabilities may help diversify and differentiate said product among its peers. I've also learned just how difficult it is to find the required information to properly design the functional specifications document, develop integration and validate the results.

Why might you choose the open source software instead of building organically or buying commercial technology? For one thing, the code is already written and is likely able to be licensed or reused within commercial software – provided the vendor follows the rules of the employed license model. Also, building a comparative product from the ground up might be cost- and resource-prohibitive if the inclusion of the feature is simply considered a differentiator (but not a deal-breaker if it's not present) by the customer. Finally, the acquisition of a commercial competitor to an open source technology might not allow for the advanced customization and integration required to neatly fold the features and functionality into the core product. Our colleagues explore these concepts, among others, in greater detail within the Commercial Adoption of Open Source (CAOS) division of 451 Research.

In these spotlights, we will highlight some important and powerful open source security tools to better educate readers and, perhaps, spark some additional interest for use in future integration roadmap conversations. In addition to discussing the product capabilities, we will identify existing integration methods and even some suggestions for future augmentations to the open source code base. Some of the technology sectors that will be explored include intrusion detection and prevention, asset management, forensics and incident response, SIEM and log management, threat intelligence, vulnerability assessment and management, penetration testing, and packet capture and deep packet inspection.

Solera Networks has released the latest edition of its high-speed network packet capture, storage, and playback security analytics platform dubbed SoleraSix. SoleraSix, released in November 2011, boasts several new features such as alerting capabilities, root cause explorer, malware and reputation services, PCAP import and extended metadata retention. (Read the full report here - subscription required)

Kaspersky Lab recently released an update to its core endpoint security product line in its Kaspersky Endpoint Security 8 for Windows and Kaspersky Security Center. The Moscow-based company's new multilayer anti-malware protection, fueled by its global intelligence network and malware research, has been built from the ground up. Kaspersky Endpoint Security 8 for Windows is fully integrated with the cloud-based Kaspersky Security Network (KSN) to provide protection against new and emerging threats in addition to timely data to boost Kaspersky's real-time application controls intelligence. Kaspersky Security Center replaces the Kaspersky Administration Kit and supports Kaspersky Endpoint Security 8 for Windows as well as all existing Open Space Security products. Designed as a central protection management system, the new Kaspersky Security Center protects both physical and virtual environments, with a focus on providing comprehensive management and in-depth security control through a single interface. (Read the full report here - subscription required)

It's been a year since Keylight 1.0 hit the GRC sector, and the company has increased headcount, raised $2m in funding and released the latest version of its platform.

Here we highlight the major areas in enterprise security that we expect to be driving industry innovation in 2012.

Providing a way to scan the un-scannable, Tenable releases the ability to audit patch management systems to help determine vulnerabilities and exposures on deployed enterprise systems.

Having changed its name, hired new leadership, raised fresh funding, released the latest version of its product, opened an office in India and achieved success in international markets, RedSeal says 2011 has probably been its busiest year to date.