March 1, 2010
Matasano Security, a security consulting and research firm, has released Flint, an open source tool that checks the rules found on Cisco firewalls for outdated or redundant entries and for exposure to other security threats. Flint is based on Ruby on Rails and is available as a VMware virtual appliance; the source code is also available. Per Dark Reading’s Kelly Jackson Higgins, Tom Ptacek, Principal with Matasano, said, “It’s easy to extend, and we’re hoping to get a lot of feedback from the network security community.”
In case you’ve missed it, security change and configuration management is a hot market that has traditionally focused on firewalls; pioneers and leaders in this market include AlgoSec, Tufin, SecurePassage, and Skybox Security. However, companies like Tufin are moving beyond the firewall to include classic network devices such as routers, switches, load balancers, and more. Matasano’s Flint is a hybrid of sorts: the first release supports only Cisco firewalls, yet the software (a caveat, as I have not yet seen the open source licensing on Flint) may be extended by the community to include different functionality and device types.
Like any development model, open source has produced some winners and some forgettable products. My question is: will a security developer community evolve around Flint, or will it simply become a user community? Empirical evidence gathered through my involvement with ZipTie, an open source framework for Network Inventory and Configuration Management, suggests the latter may be true.
Sure, there are some major differences between ZipTie and Flint. While ZipTie is built on Java, Flint is built on Ruby. While ZipTie is backed by AlterPoint (a commercial network change and configuration vendor), Flint is backed by Matasano Security, a security consulting and research firm. However, one undeniable similarity is the belief that a development community exists and will emerge to enhance, extend, or white label the solution. ZipTie learned that while its community is vibrant, growing, and full of incredible ideas, the development community it coveted never materialized, putting the burden squarely on ZipTie itself. Faced with this reality, ZipTie morphed into AlterPoint NetworkAuthority Inventory, where it continues to be available today.
Security and firewall administration is a complex and high-profile responsibility within any IT organization. While these men and women are talented in many aspects of security, they also specialize by security manufacturer and product type: for example, Check Point Firewalls (Appliance/Blade), Juniper NetScreen, Fortinet FortiGate, Linux Firewalls, TippingPoint IPS, Snort, and more. However, are they Ruby developers?
Development communities, in any form, are powerful additions to a company’s portfolio. However, they are easier to find within the application world of operating systems, virtualization hypervisors, databases, and more. For the worlds of networking and security, why not create a specialized development community that is focused on areas of the product where its involvement makes sense? Examples of such communities include AlterPoint’s Forge and Tufin’s Open Development Platform Alliance.
While Matasano Security’s Flint is open source and interesting, is it a viable alternative to its commercial competitors? Although Flint receives a good geek score, I’ll leave the security and reputation of my company to the commercial vendors. In any case, here’s to Matasano’s team, as they’ve certainly drawn attention to their security consulting and research business.