26 Open Source Security Apps with Commercial Support

A little over a year ago, we took a look at 10 Commercial Open Source Security Vendors. As we set out to update that list, two facts jumped out: 1) the number of open source security apps with commercial support has grown substantially and 2) the line between open source and commercial applications continues to blur.

On the one hand, open source developers want to find a way to make money from their projects. On the other hand, many application users, particularly enterprise users, are looking for applications with fee-based support. Rightly or wrongly, they feel that paying a fee brings greater accountability, and often these users lack the skills to manage open source apps on their own and would rather pay someone else to do it.

With pressure from both sides, it's no wonder that so many open source security applications now have commercial components. In all, we’ve covered 26 open source applications that have fee-based support available in some form.

It's also worth noting that the revenue models for that fee-based support vary substantially from project to project. Our list includes subscription-based services where users pay a yearly or monthly fee for access to e-mail or telephone assistance, as well as "open core" products, which are based on open source projects but incorporate additional features.

Other projects on the list provide links to third parties, often "mom-and-pop" style shops, who can provide support and consulting on a small scale. And one enterprising developer simply offers his own services as an independent contractor as his project's "commercial support."

No matter which revenue model they use, the apps on this list offer users the best of both worlds—the flexibility, security, and cost savings of open-source combined with the peace of mind that comes with commercial support.

Anti-Spam

1. SpamAssassin

SpamAssassin is not only one of the best open-source anti-spam solutions available, it's also one of the best anti-spam solutions period. The project developers do not provide commercial support directly, but they do offer a list of third-party vendors who offer supported products or services based on SpamAssassin. Operating System: OS Independent.

2. Mailwasher

Mailwasher comes in two flavors: Mailwasher Server is the free, open-source version and Mailwasher Pro is the commercially supported version. A new Enterprise Server edition is due to be released soon. Operating System: Windows, Linux, Unix, Solaris

Anti-Virus

3. ClamAV

One of the best-known open-source security applications available, ClamAV is often embedded in commercial applications. You can also buy commercial support (sold as "Certified ClamAV") from Sourcefire, the project's owner. Operating System: Unix, Linux, BSD.

Data Removal

4. Eban

Eban is the enterprise version of Darik's Boot and Nuke (also known as Dban). In additional to professional support, the enterprise version adds a couple of notable features: network booting (so you can erase a lot of hard drives at once) and advanced reporting. Operating System: OS Independent.

Firewall

5. IPCop

Designed for small businesses, IPCop turns any PC into a Linux-based network firewall appliance. Support is not available directly from the project owners, but the site does list a number of consultants located around the world who provide fee-based support. Operating System: Linux.

6. Smoothwall

This commercial version is based on "the world's favorite" open-source firewall, Smoothwall Express. In addition to the firewall software, Smoothwall also offers gateway appliances and web security/content filtering, email security/anti-spam, and bandwidth management (QoS) software. Operating System: Linux, Unix.

7. Vuurmuur

Vuurmuur acts as a firewall manager for iptables on Linux. This is a smaller project than some of the more well-known open-source firewalls, and as such it takes a pretty unique approach to fee-based support. If you click the "commercial support" link, you'll find that the project owner is willing to contract himself out as a consultant. Operating System: Linux.

8. Vyatta

We've classified it with the firewalls, but Vyatta (vee-AH-ta, sanskrit for "Open") also includes a router, intrusion prevention, and VPN. Various levels of support are available by subscription and pre-configured appliances are also available. Operating System: OS Independent.

9. AppArmor

While most of the firewalls on our list are network firewalls, AppArmor is an application-level firewall that makes sure programs only do what they're supposed to do. You can download it as a standalone program, but it's also included in Novell's openSUSE and SUSE Linux Enterprise. Operating System: Linux.

10. ModSecurity

Another Web application firewall, ModSecurity provides real-time monitoring and anlysis of attacks. Hardened appliances and commercial support are available from project developer Breach Security. Operating System: OS Independent.

Intrusion Detection and Prevention (IDS/IPS)

11. Snort

Sourcefire, developer behind ClamAV, also manages Snort, "the de facto standard for intrusion prevention." On the Sourcefire web site, you'll find a number of commercially supported products based on Snort, as well as training and support. Operating System: Linux, Unix, BSD, Mac OS X.

12. OSSEC

With more than 5,000 downloads a month, this IDS is among the world's most popular. Commercial support is available through Third Brigade. Operating System: Windows, Mac, Linux, Unix, BSD, Solaris.

Inventory Management

13. OCS Inventory NG

Having an up-to-date list of the hardware and software on your network can be invaluable for security planning. This handy app simplifies inventory management and deployment of new technology. Commercial support is available through the sservice partners listed on the site. Operating System: OS Independent.