 |
|
 |
|
|
 |
[Snort-users] Snort is a "niche player" |
 |
 |
|
|
06-29-04 10:47 PM
I see that Gartner Research are dismissing Snort as a "Niche Player" in
their recent report "Magic Quadrant for Intrusion Detection Systems, 2H03".
Has anybody else read this report?, and if so, what is your opinion?
Regards, Ya'akov
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
[ Post a follow-up to this message ]
|
|
|
 |
|
 |
|
 |
|
|
|
Re: [Snort-users] Snort is a "niche player" |
|
|
|
|
06-29-04 10:47 PM
[Warning: Uncensored and not entirely though through response follows.
I have not, nor do I plan to waste my time reading anything Gartner
publishes.]
These are the same people that, every time an IIS vuln hits the wire,
puts out a "report" that indicates that companies would be safer
immediately switching to another platform, running another web server.
Like someone who can't secure a Windows box can secure a Linux farm.
And because the risk analysis required for an organization to switch
platforms overnight is fast and/or easy. And because making knee-jerk
technical decisions like this is a good idea. And so on...
Anyone foolish enough to read anything that Gartner releases and take it
without a number of very large grains of salt should, by all means, stop
using Snort and immediately purchase and deploy whatever product Gartner
recommends by way of their little magic eight-ball/quadrant/revenue-box
(which, for the bargain price of ~$250/hour, Gartner will kindly design
and deploy for you--because they're nice people).
Yaakov Yehudi wrote:
> I see that Gartner Research are dismissing Snort as a "Niche Player" in
> their recent report "Magic Quadrant for Intrusion Detection Systems, 2H03"
.
> Has anybody else read this report?, and if so, what is your opinion?
>
> Regards, Ya'akov
>
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> digital self defense, top technical experts, no vendor pitches,
> unmatched networking opportunities. Visit www.blackhat.com
> ________________________________________
_______
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists...nfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf....ist=snort-users
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: [Snort-users] Snort is a "niche player" |
|
|
|
|
06-29-04 10:47 PM
--=-0YkwC4tkbojrylj0U2Oj
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Tue, 2004-06-29 at 10:41, Keith W. McCammon wrote:
> Anyone foolish enough to read anything that Gartner releases and take it=2
0
> without a number of very large grains of salt should, by all means, stop=2
0
> using Snort and immediately purchase and deploy whatever product Gartner=2
0
> recommends by way of their little magic eight-ball/quadrant/revenue-box=20
You mean getting rid of IDSes and start buying Checkpoint firewalls with
Deep Packet Inspection? hmmmm....okay.
(If Snort is a niche-player, why is its rule syntax the inofficial
de-facto standard for the IDS industry? 
Cheers,
Frank
--=-0YkwC4tkbojrylj0U2Oj
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQBA4ZGtJjGc5ftAw8wRAmUsAKCaUAWQaxtE
CeodOIqAf0KS1DyajwCfZiM9
8Yax2aMotgySdcHf/d/ebiI=
=5D20
-----END PGP SIGNATURE-----
--=-0YkwC4tkbojrylj0U2Oj--
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: [Snort-users] Snort is a "niche player" |
|
|
|
|
06-29-04 10:47 PM
I have the report. The copy I have was sent to me by our
vendor, who is listed in the "Visionary" category. The fact
that they are in there immediately told me that Gartner had not
actually *used* any of these products because our vendor (who
will remain unnamed) is so atrocious. It is a 7-page report and
it gave me the distinct impression that were Gartner to be in my
house while I was painting they would stand behind me and point
out all the spots I missed while drinking a margerita with their
feet propped up on my table.
=====
-----------------------------------------------------------
With a few exceptions, secrecy is deeply incompatible with
democracy and with science.
--Carl Sagan
-----------------------------------------------------------
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: [Snort-users] Snort is a "niche player" |
|
|
|
|
06-29-04 10:47 PM
Yaakov Yehudi a dit :
> I see that Gartner Research are dismissing Snort as a "Niche Player" in
> their recent report "Magic Quadrant for Intrusion Detection Systems,
> 2H03".
> Has anybody else read this report?, and if so, what is your opinion?
Gartner... Gartner...
These same guys who said IDS were dead last year ? :-)
Guillaume Arcas
------------------------------------------------------------------------
L=E0-bas, vers le sud, la plaine s'ouvre, infinie, attirante...
Puis le d=E9sert, sa vie libre et errante et son bienfaisant silence.
Isabelle Eberhardt - Au pays des sables.
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: [Snort-users] Snort is a "niche player" |
|
|
|
|
06-29-04 10:47 PM
The NAI guys were referring to the last Magic Quadrant (MQ) that came
out covering the IDS space that put them in the "lead" position due to
Gartner's enthusiasm for their Intruvert acquisition and relegated
Snort into the "niche" corner (with my own company Sourcefire out in
front of it by a little and below all the other companies). Snort and
Sourcefire were basically positioned in the quadrant which implies that
we are less able to execute on our plans and less innovative in our
technology than everyone else in the industry, including companies that
are smaller with less money than us and fewer customers as well as
companies that haven't invented or demonstrated any innovation in their
entire corporate history. If anyone wants a picture of the InfoWorld
2004 Innovator award I have sitting on my desk here (that we got for
Sourcefire inventing our RNA product) I can ship it over to show that
we are actually working on new stuff that is pretty cool (in my
admittedly biased opinion).
Before you call "sour grapes" on me, please be aware that given the
information Gartner had on Sourcefire at the time that they wrote this
MQ report this information was quite possibly relatively accurate in
terms of where they thought we were. Basically they thought we were a
niche player because they thought Sourcefire was strictly an IDS
company. Unfortunately, being a niche player didn't earn us a briefing
before they went to press with the MQ, so we ended up in loserland. I
probably didn't help "foster mutual communication and understanding" by
publicly calling bullshit on them last year when they took their "IDS
is dead" show on the road. Bygones people. Now that they've seen and
understand our RNA technology and how we're integrating network context
into our IDS processes as well as providing all the cool policy
enforcement stuff (as well as an IPS) they know that we're a lot more
than a one trick pony.
Now, Gartner just released one of their "Hype Cycle" reports a few
weeks ago that shows that Snort is in the "early mainstream" phase of
acceptance and on an even footing (in terms of acceptance of the
technology) with other well known Open Source technologies as Linux,
OpenSSL and Nessus. It's pretty surreal that NAI is presenting Snort
as a niche player when we're getting roughly 15,000 downloads of Snort
*per week* while the NAI/Intruvert combo has several hundred sensors
fielded after 18 months of selling.
Who's the niche player?
NAI is confusing their positioning (i.e. marketing) with their position
(i.e. acceptance/deployment), they have an enterprise high performance
intrusion detection/prevention engine that is priced to match and still
relatively early in their product life cycle. Snort is much more
widely deployed and accepted than they will ever be and quite frankly
has become the ruler by which most other IDS technologies seem to be
measured (or, less generously, the lowest common denominator of IDS
functionality).
Anyway, don't mean to get on a rant here but this is what a
psychologist would call "projecting". Look it up.
-Marty
On Jun 29, 2004, at 11:27 AM, etienne.causse@pierre-fabre.com wrote:
>
> I've seen a part of this report in a presentation made by Network
> Associates to my boss. They were trying to sell to us their Intrusion
> Protection System.
> I think it's not possible to know how many installations of Snort
> exists in
> the companies, as it is not a commercial product, so Gartner's figures
> are
> probably wrong.
>
> Anyways, i'm interested by any other comments about theses figures.
>
> Regards,
> Etienne.
>
>
>
>
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch@sourcefire.com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: [Snort-users] Snort is a "niche player" |
|
|
|
|
06-29-04 10:47 PM
> If anyone wants a picture of the InfoWorld
> 2004 Innovator award I have sitting on my desk here (that we got for
> Sourcefire inventing our RNA product) I can ship it over to show that
> we are actually working on new stuff that is pretty cool (in my
> admittedly biased opinion).
I would believe it. As an avid fan of RNA I think you guys did a
great job with that and look forward to anything new you guys manage
to develop. So, keep up the good inovative work, and I'll go clean
this stuff off my nose. *sigh*
-=Mike
--
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
But let your communication be Yea, yea; nay, nay: for
whatsoever is more than these cometh of evil.
-- Matthew 5:37
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: [Snort-users] Snort is a "niche player" |
|
|
|
|
06-30-04 08:06 AM
"Guillaume Arcas" <guillaume.arcas@free.fr> writes:
> Yaakov Yehudi a dit :
>
> Gartner... Gartner...
> These same guys who said IDS were dead last year ? :-)
That's funny, my IDS just sent me an alert saying "Gartner is dead."
(Someone must have already made this [bad] joke, mustn't they?)
--
James Riden / j.riden@massey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
RE: [Snort-users] Snort is a "niche player" |
|
|
|
|
06-30-04 08:06 AM
Thanks for your reply Marty, it seems like a pretty balanced one to me.
Regards, Ya'akov
-----Original Message-----
From: Martin Roesch [mailto:roesch@sourcefire.com]
Sent: Tuesday, June 29, 2004 22:41
To: etienne.causse@pierre-fabre.com
Cc: 'snort-users'; Yaakov Yehudi
Subject: Re: [Snort-users] Snort is a "niche player"
The NAI guys were referring to the last Magic Quadrant (MQ) that came out
covering the IDS space that put them in the "lead" position due to Gartner's
enthusiasm for their Intruvert acquisition and relegated Snort into the
"niche" corner (with my own company Sourcefire out in front of it by a
little and below all the other companies). Snort and Sourcefire were
basically positioned in the quadrant which implies that we are less able to
execute on our plans and less innovative in our technology than everyone
else in the industry, including companies that are smaller with less money
than us and fewer customers as well as companies that haven't invented or
demonstrated any innovation in their entire corporate history. If anyone
wants a picture of the InfoWorld
2004 Innovator award I have sitting on my desk here (that we got for
Sourcefire inventing our RNA product) I can ship it over to show that we
are actually working on new stuff that is pretty cool (in my admittedly
biased opinion).
Before you call "sour grapes" on me, please be aware that given the
information Gartner had on Sourcefire at the time that they wrote this MQ
report this information was quite possibly relatively accurate in terms of
where they thought we were. Basically they thought we were a niche player
because they thought Sourcefire was strictly an IDS company. Unfortunately,
being a niche player didn't earn us a briefing before they went to press
with the MQ, so we ended up in loserland. I probably didn't help "foster
mutual communication and understanding" by publicly calling bullshit on them
last year when they took their "IDS is dead" show on the road. Bygones
people. Now that they've seen and understand our RNA technology and how
we're integrating network context into our IDS processes as well as
providing all the cool policy enforcement stuff (as well as an IPS) they
know that we're a lot more than a one trick pony.
Now, Gartner just released one of their "Hype Cycle" reports a few weeks ago
that shows that Snort is in the "early mainstream" phase of acceptance and
on an even footing (in terms of acceptance of the
technology) with other well known Open Source technologies as Linux, OpenSSL
and Nessus. It's pretty surreal that NAI is presenting Snort as a niche
player when we're getting roughly 15,000 downloads of Snort *per week* while
the NAI/Intruvert combo has several hundred sensors fielded after 18 months
of selling.
Who's the niche player?
NAI is confusing their positioning (i.e. marketing) with their position
(i.e. acceptance/deployment), they have an enterprise high performance
intrusion detection/prevention engine that is priced to match and still
relatively early in their product life cycle. Snort is much more widely
deployed and accepted than they will ever be and quite frankly has become
the ruler by which most other IDS technologies seem to be measured (or, less
generously, the lowest common denominator of IDS functionality).
Anyway, don't mean to get on a rant here but this is what a psychologist
would call "projecting". Look it up.
-Marty
On Jun 29, 2004, at 11:27 AM, etienne.causse@pierre-fabre.com wrote:
>
> I've seen a part of this report in a presentation made by Network
> Associates to my boss. They were trying to sell to us their Intrusion
> Protection System.
> I think it's not possible to know how many installations of Snort
> exists in the companies, as it is not a commercial product, so
> Gartner's figures are probably wrong.
>
> Anyways, i'm interested by any other comments about theses figures.
>
> Regards,
> Etienne.
>
>
>
>
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring roesch@sourcefire.com -
http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
RE: [Snort-users] Snort is a "niche player" |
|
|
|
|
06-30-04 08:06 AM
Yes, those would be the same ones! It's not the first time that I have
felt I needed to take one of their reports with a "pinch of salt" =
(sorry,
make that a cup!).
Regards, Ya'akov
-----Original Message-----
From: Guillaume Arcas [mailto:guillaume.arcas@free.fr]=20
Sent: Tuesday, June 29, 2004 20:05
To: Yaakov Yehudi
Cc: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Snort is a "niche player"
Yaakov Yehudi a dit :
> I see that Gartner Research are dismissing Snort as a "Niche Player"=20
> in their recent report "Magic Quadrant for Intrusion Detection=20
> Systems, 2H03".
> Has anybody else read this report?, and if so, what is your opinion?
Gartner... Gartner...
These same guys who said IDS were dead last year ? :-)
Guillaume Arcas
------------------------------------------------------------------------
L=E0-bas, vers le sud, la plaine s'ouvre, infinie, attirante...
Puis le d=E9sert, sa vie libre et errante et son bienfaisant silence.
Isabelle Eberhardt - Au pays des sables.
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Sponsored Links |
|
|
|
|
 |
All times are GMT. The time now is 03:39 PM. |
 |
|
|
 |
|
 |
|
|
 |
|
Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
|
|
|
|
|
 |
|
 |
|
