[Dshield] Check Point acquires Sourcefire

byte_jump bytejump at gmail.com
Fri Oct 7 17:45:42 GMT 2005


On 10/7/05, Hernandez, Moses <MHernandez3 at mercymiami.org> wrote:
> Joel,
>   One of my biggest Concerns in evaluating IPS is not just architecture
> but is in the R&D of Vulnerabilities and Signatures available. How great
> is Sourcefire at providing signatures for the product? There are many
> companies that have a great R&D and are an "Intrusion Prevention"
> company so they make it a point to be on top of the latest threats,
> would you consider Sourcefire a company like that? If so I think that's
> exactly what checkpoint needed and probably one of the biggest reasons I
> never purchased or recommended an Interspect solution to a company.


I think RNA and the Snort that Marty demonstrated at CanSecWest 05 are
very compelling security products and demonstrate that Sourcefire was
set to deliver a very useful upgrade to the idea of IDS and IPS. If
you weren't at CanSecWest (why weren't you?), the new Snort that Marty
demonstrated takes context automatically from RNA. It looked very
promising. How Check Point intends to integrate that with their
existing technology is anyone's guess, but having it integrate with
firewall logs and such seems fairly appealing to me.

Thanks.



More information about the list mailing list