Application Awareness goes open source: Snort OpenAppID

Cisco Sourcefire recently announced that version 2.9.7 of their Snort open source IDS/IPS will support free application visibility and control (AVC), called OpenAppID. It will be fully integrated into the current Snort framework and offers a new application preprocessor and a new keyword, ‘appid’, that can be used in any Snort rule. OpenAppID will launch with detection for over 1400 applications, providing Snort admins with much-needed awareness of the applications on their networks. The Snort application information can also be sent to third-party analytics or SIEM tools.


The de facto industry standard rule language for IDS/IPS has been Sourcefire’s Snort open source technology. So this OpenAppID release raises the question: can Snort do it again in the application visibility and control space? Will Snort become the standard for application detection signatures?

Application awareness has been largely dominated by the NGFW (next-generation firewall) market so far and is one of the major reasons that market has skyrocketed. You couldn’t swing a stick at the latest RSA conference without hitting a vendor with an NGFW offering to tell you about. So what happens now that the largest open source security project has begun to offer a free AVC solution to the market? Will the Snort community rush to adopt the OpenAppID features released in Snort version 2.9.7? If we look at the history of the Snort community, it is very likely that they will. If they do, will the NGFW and NGIPS markets follow their customers and implement support for OpenAppID as well? It could be a game changer for the viability of AVC as a security tool.


*** This is a Security Bloggers Network syndicated blog from Network World Cisco Security Expert authored by [email protected]. Read the original post at: