April 9, 2007

IT security firm trusts open source inside and out

Author: Tina Gasperson

An Atlanta IT security company is finding success by employing open source software, not just in the network security appliance it sells, but on its own desktops and servers.

In 1996, entrepreneur Richard Campbell started a company to help other entrepreneurs in East Asia become Internet service providers. His "ISP in a box" concept worked with Slackware as its base. The more experienced Campbell became with open source, a concept he originally discovered in college, the more he began to appreciate tools like Snort, a GPLed network intrusion detection system. "I became a strong proponent of it," Campbell says, and shortly after that he founded the Atlanta Snort Users Group.

Campbell had so much confidence in Linux and Snort that he decided to launch a new company called Securiant. As its flagship product, Campbell created a network appliance that runs on a custom Linux kernel with a large suite of open source security applications, including Squid, Snort, DansGuardian, Nessus, Shorewall, and Argus. The SpiderISA appliance plugs into the network and provides up-to-the-minute information about vulnerabilities, necessary patches, and intrusion attempts.

In 2003, Campbell started Securiant with no outside funding and a tight budget. His previous experience with open source software had taught him that using it internally, not just as a development platform, was the best way to keep costs low so that he could hire the people he needed. "I knew I was going to need to bring in consultants" to help with developing SpiderISA. "I decided to go with Linux and OpenOffice.org on all our desktops. Originally, this was more of a short-term focus, where we said, 'Let's use Linux, and then when we're making money we can move to Microsoft.' What we ended up doing was keeping Ubuntu because our development and support staff like it." Campbell says that only the sales and marketing departments still use Windows, "because those folks don't have a solid tech foundation. The learning curve was too steep to put them on Linux. But we hope over the next couple of years we'll be able to migrate them as well."

One of the challenges of using open source software so extensively has been finding the right employees, Campbell says. "But the guys we hired came with the skills we were looking for. In fact, whenever we hire, open source software experience is part of the requirement. It's about finding staff that have more than just a high-level administration understanding of open source. We look for people with an actual low-level understanding."

"The second biggest challenge we've had is acceptance [of OSS] by folks we have to interface with. In past years, people that we deployed with tended to be leery of it. But in the last two years, it's actually becoming an advantage. They feel better, like it's going to be more reliable and secure. It reminds me of the early days when everyone ran Novell and used to brag about how long the server had been up. The same thing happens with Linux now. It's a badge of honor."

Campbell says that building a business using open source software requires understanding. "There's a lot of misunderstanding -- open source software doesn't mean free software that you pick out of the bin. It is really better than some commercial products. But it doesn't come with a support standard unless you pay for it." He recommends that newbies go with "known vendors. Whether it's openSUSE or Red Hat or Ubuntu, stick with a distribution that you can pick up the phone and ask questions.

"Pace yourself. Don't dive into open source head first. Dive in feet first. The strongest place you can leverage open source software is on the server side. Once you get comfortable, test the waters on the desktop side of it."

