An open source consortium funded by military and civilian security agencies within the U.S. government has released a final version of Suricata, a new security framework.
Operating as the Open Information Security Foundation, and working with a number of government-related private companies, a team headed by Mark Jonkman of Emerging Threats and Victor Julien of the Vuurmuur firewall project is offering an intrusion detection and prevention engine that is multi-threaded and performs automatic protocol detection for a wide variety of protocols.
Unfortunately, the timing of the release could not have been worse: it came the same week the Washington Post launched its series Top Secret America, detailing just how immense and intrusive the nation's national security apparatus has become, an economic boom for Washington that many on both the left and right see as increasingly dangerous.
Jonkman acknowledged the help of "thousands of people" in delivering Version 1.0 of the software, which was immediately fisked by Martin Roesch, creator of Snort, who called it a cheap knock-off funded with taxpayer dollars.
In this he was echoing the criticism expected from many who either fear government's power in security matters or believe any dollar spent by government is a wasted dollar.
On the Sourcefire blog, Matt Olney offered the headline "Innovation -- you keep using that word" and a more detailed critique. He concluded with this challenge:
If you want to see what innovation looks like, come to Vegas and let the Vulnerability Research Team (VRT) show you the Razorback system. It isn't Snort, it isn't ClamAV, and it isn't Suricata. It's a new approach to the detection problem, and was built from the ground up in close collaboration with groups that are facing APT-level threats. It may not be perfect, it may not even be the right answer (but we think it is), but it is truly innovative.
My own view is that Internet cops have long been several steps behind Internet robbers, and that this medium is at the heart of the 21st century, so it's hard to dump on free help. The code is also open source, thus it can be edited and improved. The arguments between the professionals should settle down with time.
On the other hand, I don't believe that the massive security apparatus constructed with the support of both parties since September 11, 2001, has really made us any safer or increased our freedom one bit. Those looking to reduce our nation's deficits will find juicy targets in the Washington Post series.
But Suricata will remain.