Open source application detection and control is enabled by Cisco’s new OpenAppID application-
“As a long-time Snort user, we rely on the flexibility, transparency and control that open source tools give us to better protect our entire environment,”
OpenAppID will accelerate and expand the breadth of application detection, by facilitating open community sharing and enhancement of new application detectors. It also supports the following critical capabilities:
· Application Detection/Reporting ‑ OpenAppID enables Snort users to utilize the new OpenAppID detectors to detect and identify applications, and to report on application use.
· Application Context associated with network intrusion events ‑ By providing application-
· Actionable Application Detection and Control ‑ OpenAppID enables Snort to block or alert on detection of certain applications. This helps reduce risk by managing the total threat surface.
Martin Roesch, creator of Snort and Vice President and Chief Architect, Cisco Security Business Group, said, “Open source is very important because it creates real collaboration and trust between vendors and the experts that are tasked with addressing advanced and aggressive threats. By open sourcing application visibility and control, Cisco is empowering the community to create technically superior solutions to address their most complex and unique security challenges.”
As part of this announcement, Cisco is delivering a special release of the Snort engine that includes the new OpenAppID preprocessor. This enables the Snort community to begin working with OpenAppID to build application detectors. Included with a future general release of Snort, the OpenAppID-enabled preprocessor supports:
· Detection of applications on the network
· Reporting on the usage statistics of apps (traffic)
· Blocking of applications by policy
· Extensions to the Snort rule language to enable application specification
· Reporting of an “App Name” along with IPS events
In addition, a library of more than 1,000 OpenAppID detectors will be available at no charge through the Snort community at http://www.snort.org. Any community member may contribute additional detectors, including end user organizations with custom applications that are not commercially available.
Cisco's commitment to open source security projects, including Snort and ClamAV, provides users and developers the ability to engage and strengthen their solutions, while demonstrating technical excellence and providing rapid threat protection. The acquisition of Sourcefire has strengthened Cisco's extensive contributions to the open source software development community.
Cisco (NASDAQ: CSCO) is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. For ongoing news, please go to http://thenetwork.cisco.com.
Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire (http://sourcefire.com/)