Open Source Security Solutions
I've previously posted in this section requesting formal support for the latest version of Nessus, specifically support for reports generated via the GUI.
While I do appreciate the reply - frankly I was not satisfied.
There is a tremendous value proposition inherent in many of the popular Open Source security tools such as Nessus and Snort - to name but a few. Not being able to fully leverage an expensive proprietary SIEM solution such as enVision as a central locus in event collection for these devices makes absolutely no sense. I'll admit that the Snort support is decent - yet the stated "officially supported" version is somewhat dated. Nessus is as capable as any of the vulnerability scanners marketed - if not more so. Where Nessus is weak is in reporting. Enter enVision - which could be positioned to make what is an extremely low-cost (and high quality) vulnerability scanner into an even more useful tool.
Snort just released its latest implementation which natively supports inline mode - yes free as in beer IPS is right around the corner.
Isn't supporting low-cost Open-Source security solutions an inherent value-add?
RSA needs to get serious about Open-Source support - timely Open-Source support.
Your point is well taken. Keeping enVision device support (we now use the term "event source support") in sync with updates to products from which we log is a major priority. We've increased our R&D headcount in the event source area recently. As those resources come up to speed, look for lower (ideally, no) latency between the two. We're also about to launch a partner program to formalize our relationships with commercial product vendors whose products we support. This will be another lever in terms of streamlining the process by which we deliver these integrations and keep them updated.