Open-source security tools gain favour

Open-source security tools are gaining appeal in the enterprise as IT managers and CIOs search for ways to step up security while holding down costs.

Many of the tools have been available for years and are used in niche environments or small offices. But only recently have enterprise MSSPs (managed security service providers) begun incorporating them.

One such company, Guardent, last week unveiled its Security Defense Appliance, an all-in-one, Linux-based machine that includes open-source technologies such as the Snort IDS (intrusion detection system), Nessus vulnerability scanner and IPTables firewall.

Guardent also uses commercial products such as Cisco Systems' PIX firewalls and Internet Security Systems' RealSecure. But officials said there's a real future for open-source software in security products and argue that it can actually be more secure than proprietary software.

"There's a compelling security case to be made for open source because when there's a vulnerability, you have a global community of developers racing to get it fixed," said Daniel McCall, executive vice president and co-founder of Guardent.

While they acknowledge the benefit of this process, some security experts say the number of people poring over the code is less important than the overall quality of the tools themselves.

"Does open source, by virtue of mass inspection, make the tool more secure? A good tool is a good tool," said David Moskowitz, chief technology officer of Productivity Solutions.

"I tend to believe that open source helps, but it isn't sufficient by itself. Quality is less dependent upon the number of eyeballs looking at the code and more a function of the expertise of those eyeballs," Moskowitz said. "Both Snort and IPTables have evolved."

That sentiment is echoed by corporate customers, who say the overall expertise of the security company they're dealing with is the most important factor in their relationships.

"It's critical that our data be confidential and secure," said Mark Weinstein, IT director at Charles River Ventures, a venture capital company and a Guardent customer. "Whatever technology [Guardent uses], I sleep better knowing [it's] watching my network."

Guardent is not the first company to notice the potential of open-source software in the security market. IBM has used such tools for years in its Global Services unit, as has its rival, Electronic Data Systems.

One of the main reasons cited for not implementing open-source tools is a lack of support. This has also hampered some MSSPs from adopting them.

"I think that a lot of users can certainly appreciate the ROI [return on investment] of open source, but there's really not much in the way of formal support channels," said Dan Frasnelli, managing consultant in the vulnerability assessment division at Netsec, an MSSP.

Snort, perhaps the most successful of the open-source security tools, has a loyal and active user community as well as a large amount of documentation, something that sets it apart from many of the other tools. Snort, a lightweight IDS, performs the typical IDS functions of packet sniffing and logging but can also handle protocol analysis and can be used to detect a variety of attacks and probes. Although Snort is the leader in the open-source IDS world, a new entrant, SNARE (System Intrusion Analysis and Reporting Environment), an IDS for Linux, is also gaining ground.
