RNA sniffs out network intrusions

Feature
May 21, 2004

Martin Roesch

When Martin Roesch created Snort, his original intention was significantly more modest than the industry standard for intrusion detection that the work became.

"I was looking to teach myself to use some libraries that are commonly available on Unix, and I wanted to write a new tool to help me with a couple of things," Roesch says. "I ended up writing a new sniffer and calling it Snort."

Roesch first used Snort to monitor his home cable modem and as a debugger for some other code he was writing. "The inspiration was pretty workaday," he says.

Snort was devised in Roesch's spare bedroom, but as it moved into the outside world the challenges outgrew the room. Lacking the resources to test it effectively, he tapped the open source community.

That gave rise to political issues, namely having to continue development in a fashion that pleased, or at the very least did not offend, Snort users. Come commercialization time, Roesch says, some people picked on Snort because of its open source roots, whereas others viewed it as a lowest-common-denominator approach.

But Snort took on a life of its own and became the de facto standard for IDS (intrusion detection system). Roesch then turned his attention toward a new security technology: RNA (Real-time Network Awareness).

The problem RNA addresses is that people deploying intrusion detection systems lack enough information about the networks they are trying to defend. Vulnerability scanners, even though widely used, do an insufficient job of providing the real-time network context needed to make the intrusion-detection process smarter.

"Intrusion detection systems are really good at giving you a lot of information, but you have to have a high level of expertise in order to actually get any value from that data," Roesch says.

In spring of 2000, it occurred to Roesch that a smarter way to secure networks would be passive: letting a network tell administrators about itself and then integrating that data into an IDS.

By then, his company, Sourcefire, had grown enough that Roesch no longer had to be the chief cook and bottle washer. So he turned his focus toward developing RNA further.

"My CEO dared me to go home one weekend and write a prototype of it," Roesch says. "So I did."

A few months into development, Sourcefire realized that RNA's pervasive network intelligence could make every network security technology smarter, including patch management systems, firewalls, and routers. RNA became commercially available in late 2003 and has seven patents pending.

"My project is figuring out all the cool things intrusion detection systems can do once they have RNA," Roesch says.