Martin Roesch

Roesch in 2022, at the Evanta Global CISO Summit.

Martin Roesch founded Sourcefire in 2001 and was its Chief Technology Officer until the company was acquired by Cisco Systems for $2.7 billion; the deal was announced in July 2013 and closed on October 7, 2013. [1] Roesch is now CEO of Netography, [2] which raised $45M in Series A funding in November 2021. [3] A respected authority on intrusion prevention, intrusion detection and forensics, he was responsible for the technical direction and product development of Sourcefire and, after the acquisition, of Cisco Security, before moving into board and venture roles with Decibel Partners. He has industry experience in network security and embedded systems engineering. He is also the author and lead developer [4] of the Snort intrusion detection and prevention system, which formed the foundation of Sourcefire's IDS/IPS and firewall products. Snort is still developed by Cisco today and remains one of the most widely used open-source IDS engines.

Roesch has developed a range of network security tools and technologies, including intrusion detection and prevention systems, honeypots, network scanners and policy enforcement systems, for organizations such as GTE Internetworking, Stanford Telecommunications, Inc., and the United States Department of Defense. He has been interviewed as an industry expert by technology publications and by print and online news outlets including MSNBC, the Wall Street Journal, CNET, ZDNet and Scientific American. He has written columns for Forbes and Fast Company, has keynoted many conferences, including the RSA Conference, and continues to engage with the security community to mentor other developers. He has also been interviewed for several books, among them Network Intrusion Detection: An Analyst's Handbook, Intrusion Signatures and Analysis, Maximum Security and Hacking Exposed.

In 2022, Roesch was named to Technical.ly's RealLIST Engineers, [5] a list of engineers at the forefront of change, for his work leading Netography. He has also argued publicly that fundamental network security priorities were neglected while COVID-19 changed how companies work, dispersing users, workloads and applications into what Netography calls the "atomized network". [6]

In 2006, Roesch was named one of InformationWeek's 18 "Innovators and Influencers" and one of the Tech Council of Maryland's "Most Influential CTOs in Maryland." He also received the 2004 InfoWorld IT Heroes Innovator Award and was named to the Baltimore Business Journal's 2004 "40 Under 40" list.

Roesch holds a B.S. in Electrical and Computer Engineering from Clarkson University. He is also the author of Daemonlogger, a packet logger and software network tap. [7]

Related Research Articles

Cisco (American multinational technology company)

Cisco Systems, Inc., is an American multinational digital communications technology conglomerate headquartered in San Jose, California. Cisco develops, manufactures and sells networking hardware, software, telecommunications equipment and other high-technology services and products. Cisco specializes in particular technology markets, such as the Internet of things (IoT), domain security, videoconferencing and energy management, with leading products including Webex, OpenDNS, Jabber, Duo Security, Silicon One and Jasper.

An intrusion detection system is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically either reported to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms.

Network security consists of the policies, processes and practices adopted to prevent, detect and monitor unauthorized access, misuse, modification or denial of a computer network and network-accessible resources. It involves authorizing access to data in a network, which is controlled by the network administrator: users choose or are assigned an ID and password, or other authenticating information, that grants them access to the information and programs within their authority. Network security covers both public and private networks used in everyday work, such as conducting transactions and communications among businesses, government agencies and individuals; it secures the network itself and protects and oversees the operations carried out on it. The most common and simplest way of protecting a network resource is to assign it a unique name and a corresponding password.

Snort (software) (Open-source intrusion prevention system)

Snort is a free and open-source network intrusion detection system (IDS) and intrusion prevention system (IPS) created in 1998 by Martin Roesch, founder and former CTO of Sourcefire. Snort is now developed by Cisco, which acquired Sourcefire in 2013.
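The IDS entry above describes what an intrusion detection system does, and the Snort entry names the signature-based engine Roesch wrote. As an added illustration (this is not Snort's or Sourcefire's code), here is a minimal matcher in Python that parses a few rules written in Snort's header/option syntax and applies them to constructed packet records. It implements only a small subset of the rule language: the header (action, protocol, source/destination address and port, with CIDR and `!` negation), `msg`, `sid`, `content` with `|hex|` escapes and `nocase`, and the `alert` versus `drop` actions that distinguish passive IDS from inline IPS. The rules, addresses and payloads below are constructed for the example.

```python
"""Minimal Snort-style signature matcher (added example, not Snort's own code)."""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed rules in (a subset of) Snort syntax:
#   action proto src sport -> dst dport (option; option; ...)
RULES_TEXT = r'''
alert tcp any any -> 192.0.2.0/24 80 (msg:"WEB cmd.exe access"; content:"cmd.exe"; nocase; sid:1000001; rev:1;)
drop tcp any any -> any 22 (msg:"SSH banner from known scanner"; content:"SSH-2.0-libssh"; sid:1000002; rev:1;)
alert icmp any any -> 192.0.2.0/24 any (msg:"ICMP echo to web segment"; sid:1000003; rev:1;)
alert tcp 192.0.2.0/24 any -> !192.0.2.0/24 any (msg:"Root shell prompt leaving web segment"; content:"|23 20|"; sid:1000004; rev:1;)
'''

HEADER_RE = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')
OPT_RE = re.compile(r'\s*(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')  # name[:value];
HEX_RE = re.compile(r'\|([0-9A-Fa-f\s]+)\|')                          # |23 20| -> b"# "


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str = ''
    sid: int = 0
    contents: list = field(default_factory=list)  # entries are [pattern_bytes, nocase]


def decode_content(raw):
    """Turn a Snort content string with |hex| escapes into raw bytes."""
    out, pos = b'', 0
    for m in HEX_RE.finditer(raw):
        out += raw[pos:m.start()].encode() + bytes.fromhex(m.group(1))
        pos = m.end()
    return out + raw[pos:].encode()


def parse_rule(line):
    """Parse one rule line; option values containing ';' are not supported here."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f'unparseable rule: {line!r}')
    action, proto, src, sport, _direction, dst, dport, opts = m.groups()
    rule = Rule(action, proto, src, sport, dst, dport)
    for name, value in OPT_RE.findall(opts):
        value = value.strip().strip('"')
        if name == 'msg':
            rule.msg = value
        elif name == 'sid':
            rule.sid = int(value)
        elif name == 'content':
            rule.contents.append([decode_content(value), False])
        elif name == 'nocase' and rule.contents:   # modifier applies to the preceding content
            rule.contents[-1][1] = True
    return rule


def load_rules(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip() and not l.lstrip().startswith('#')]


def addr_matches(spec, ip):
    if spec == 'any':
        return True
    negate = spec.startswith('!')
    net = ipaddress.ip_network(spec.lstrip('!'), strict=False)
    return (ipaddress.ip_address(ip) in net) != negate


def port_matches(spec, port):
    return spec == 'any' or int(spec) == port


def rule_matches(rule, pkt):
    if rule.proto != pkt['proto']:
        return False
    if not (addr_matches(rule.src, pkt['src']) and addr_matches(rule.dst, pkt['dst'])):
        return False
    if rule.proto != 'icmp' and not (port_matches(rule.sport, pkt['sport'])
                                     and port_matches(rule.dport, pkt['dport'])):
        return False
    for pattern, nocase in rule.contents:           # every content option must be present
        hay, needle = (pkt['payload'].lower(), pattern.lower()) if nocase else (pkt['payload'], pattern)
        if needle not in hay:
            return False
    return True


def inspect(rules, pkt):
    """Return (verdict, matched sids). Inline (IPS) mode drops if any matching rule says drop."""
    hits = [r for r in rules if rule_matches(r, pkt)]
    verdict = 'drop' if any(r.action == 'drop' for r in hits) else 'pass'
    return verdict, [r.sid for r in hits]


RULES = load_rules(RULES_TEXT)

# Constructed packet records (decoded header fields plus payload bytes), not real captures.
PACKETS = [
    dict(proto='tcp', src='198.51.100.7', sport=51234, dst='192.0.2.10', dport=80,
         payload=b'GET /scripts/..%c0%af../winnt/system32/CMD.EXE?/c+dir HTTP/1.0\r\n'),
    dict(proto='tcp', src='198.51.100.9', sport=40000, dst='192.0.2.20', dport=22,
         payload=b'SSH-2.0-libssh_0.9.6\r\n'),
    dict(proto='icmp', src='203.0.113.5', sport=0, dst='192.0.2.10', dport=0, payload=b'abcdefgh'),
    dict(proto='tcp', src='192.0.2.10', sport=4444, dst='198.51.100.7', dport=4444,
         payload=b'root@web01:~# '),
]


def run():
    return [inspect(RULES, p) for p in PACKETS]


if __name__ == '__main__':
    for pkt, (verdict, sids) in zip(PACKETS, run()):
        print(f"{pkt['src']} -> {pkt['dst']}:{pkt['dport']}  {verdict:5}  sids={sids}")
```

The four packets exercise one rule each: the case-insensitive `cmd.exe` match on the web segment, the scanner banner that an inline sensor would drop, an ICMP rule that ignores ports, and a hex-encoded content (`|23 20|`, a root prompt) combined with `!` negation to catch a shell leaving the server subnet. Real Snort additionally tracks flow state, reassembles streams and normalizes protocols before matching, which is why a substring matcher like this one is easy to evade and is only a teaching aid.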

Sguil is a collection of free software components for Network Security Monitoring (NSM) and event driven analysis of IDS alerts. The sguil client is written in Tcl/Tk and can be run on any operating system that supports these. Sguil integrates alert data from Snort, session data from SANCP, and full content data from a second instance of Snort running in packet logger mode.

Check Point (Israeli security company)

Check Point is an American-Israeli multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security and security management.

OSSIM (Security information and event management system)

OSSIM (Open Source Security Information Management) is an open source security information and event management system, integrating a selection of tools designed to aid network administrators in computer security, intrusion detection and prevention.

Data loss prevention (DLP) software detects potential data breaches/data exfiltration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in use, in motion, and at rest.

Angela Orebaugh (American computer scientist and author)

Angela Orebaugh is a cyber technology and security author and researcher. In 2011, she was selected as Booz Allen Hamilton's first Cybersecurity Fellow. She is an assistant professor at the University of Virginia Department of Computer Science.

Prelude SIEM is a security information and event management (SIEM) system.

Sourcefire (American computer security company)

Sourcefire, Inc. was a technology company that developed network security hardware and software. The company's Firepower network security appliances were based on Snort, an open-source intrusion detection system (IDS). Cisco announced its acquisition of Sourcefire for $2.7 billion in July 2013.

Network behavior anomaly detection (NBAD) is a security technique that provides network security threat detection. It is a complementary technology to systems that detect security threats based on packet signatures.

Barrett Lyon (American businessman, born 1978)

Barrett Gibson Lyon is an American Internet entrepreneur, security researcher, and a former hacker.

Okena is an intrusion detection company based in Waltham, Massachusetts. It was acquired by Cisco Systems on January 24, 2003, for $154M, in an all-stock transaction.

Aanval is a commercial SIEM product designed specifically for use with Snort, Suricata, and Syslog data. Aanval has been in active development since 2003 and remains one of the longest running Snort capable SIEM products in the industry. Aanval is Dutch for "attack".

IDMEF (Intrusion Detection Message Exchange Format) is a data format used to exchange information between intrusion detection and intrusion prevention systems and the security information collection and management systems that interact with them. IDMEF messages are designed to be processed automatically. The format is described in RFC 4765, which presents an XML implementation of the data model and the associated DTD; the requirements for the format are described in RFC 4766, and the recommended transport protocol (IDXP) is documented in RFC 4767.

Sagan is an open-source (GNU GPLv2) multi-threaded, high-performance, real-time log analysis and correlation engine developed by Quadrant Information Security that runs on Unix-like operating systems. It is written in C. Sagan's structure and rules work similarly to those of the Snort IDS/IPS engine, which makes Sagan compatible with Snort and Suricata rule management software and lets it correlate its findings with Snort IDS/IPS data.

Vectra AI, Inc. is a cybersecurity company that uses AI for hybrid attack detection, investigation, and response (NDR) solutions. The company was established in 2012 and operates in 113 countries from its San Jose, California headquarters.

Ang Cui (American computer scientist)

Ang Cui is an American cybersecurity researcher and entrepreneur. He is the founder and CEO of Red Balloon Security in New York City, a cybersecurity firm that develops new technologies to defend embedded systems against exploitation.

Cisco Talos, or Cisco Talos Intelligence Group, is a cybersecurity technology and information security company based in Fulton, Maryland. It is a part of Cisco Systems Inc. Talos' threat intelligence powers Cisco Secure products and services, including malware detection and prevention systems. Talos provides Cisco customers and internet users with customizable defensive technologies and techniques through several of their own open-source products, including the Snort intrusion prevention system and ClamAV anti-virus engine.

References

  1. Rao, Leena (2013-07-23). "Cisco Acquires Cybersecurity Company Sourcefire For $2.7B". TechCrunch. Retrieved 2023-01-13.
  2. "Martin Roesch joins Netography as CEO". Help Net Security. 2021-09-15. Retrieved 2021-09-23.
  3. "Netography raises $45M Series A funding to provide real-time threat detection and response capabilities for the atomized network". Tech News | Startups News. 2021-11-15. Retrieved 2023-01-13.
  4. "So, What Is Snort? | An Introduction to Snort: A Lightweight Intrusion Detection System | InformIT". www.informit.com. Retrieved 2023-01-13.
  5. Rao, Sameer (2022-10-19). "RealLIST Engineers 2022: Meet 10 tech leaders changing Baltimore's code". Technical.ly. Retrieved 2023-01-13.
  6. "Cybersecurity Solutions Must Evolve, Says Netography CEO". Dark Reading. August 19, 2022. Retrieved 2023-01-13.
  7. "Sourcefire Website". Archived from the original on 2012-09-13. Retrieved 2008-10-28.