IT Week: How did you come up with the idea for the Snort intrusion detection and prevention system?
Roesch: In 1998 I was looking to write a new tool that would be able to monitor my cable modem at home, function as a network packet sniffer and be able to have features added to it easily, such as automated analysis. I wrote the package in the C programming language and dubbed it Snort. The two overriding things with Snort were that it had to be flexible and it had to be fast.
IT Week: Why did you then feel the need to create a company around Snort?
Roesch: At the end of 2000 I came out of a failed startup and wondered what to do next. Several friends said I should start a company based around Snort and I thought, “How am I going to do this? Put it on a CD and charge $50 with a manual?” My friends and I worked out a value-add model where we’d sell Snort and wrap policy and configuration management technology around it. But for enterprises, any technology like this needs to be able to scale, and that’s what Sourcefire aims to ensure.
IT Week: What do you think of unified threat management appliances (UTMs)?
Roesch: There are situations where these types of appliance are appropriate, but just having border defence is not enough; you need defence in depth. I think people understand that it’s not possible to stop everything. If I’m protecting an extensive network, I need to have an extensive set of tools. UTMs are useful for small enterprises and branch offices, and they could be useful in large enterprises, but it’s difficult to solve all the problems from one point in the network; it’s best to have multiple vantage points. Remember, also, that turning on all the features, like intrusion prevention and content filtering, can lead to performance issues.
IT Week: Which threats will be taxing the security industry most over the coming years?
Roesch: Most malware threats seen today are a combination of trojans and botnets. What you’re going to see is a lot of activity on botnet disruption. The attackers now are very professional: there are organisations out there that have quality assurance departments and source code control. This increasing professionalism has led to rapid changes in malware distribution.
IT Week: Do you think anti-virus systems are too complex for home users?
Roesch: The trouble with anti-virus tools is that they need to be tuned to be effective, and most users lack the expertise to do this. We have to get to the point where the smart technology is in the box and not expect home users to know how to configure these systems.