One of the big lessons I learned during the early days, when I was first creating Snort®, was that the open source model was an incredibly strong way to build great software and attack difficult problems in a way that the user community rallied around. I still see this as one of the chief strengths of the open source development model and why it will be with us for the foreseeable future.

As most every security professional knows, cloud applications are one of the most prevalent attack vectors exploited by hackers and some of the most challenging to protect. There are more than 1,000 new cloud-delivered applications per year, and IT is dependent on vendors to create new visibility and threat detection tools and keep up with the accelerating pace of change. The problem is that vendors can’t always move fast enough and IT can’t afford to wait. Countless custom applications pile on even more complexity.

So today, Cisco is announcing OpenAppID, an open, application-focused detection language and processing module for Snort that enables users to create, share, and implement application detection. OpenAppID puts control in the hands of users, allowing them to control application usage in their network environments and eliminating the risk that comes with waiting for vendors to issue updates. Practically speaking, we’re making it possible for people to build their own open source Next-Generation Firewalls.

The OpenAppID initiative harnesses the power of open source and the larger security community to provide application visibility and address the application attack vector by accelerating development of application detectors and controls. Application-layer context augments security events that tie to attack protection and allows for granular control over application access and usage. A library of over 1,000 OpenAppID detectors is already available, at no charge, contributed by Sourcefire and Cisco. Using a process similar to the method that we’ve honed with Snort to manage Snort rules, any community member may contribute additional detectors, including end-user organizations that may have custom applications, often not commercially available.

Thinking back to when I was in my spare bedroom writing Snort, I never imagined that it would disrupt the intrusion detection/prevention market as it did. Today, we have the potential to do the same in the Next-Generation Firewall market. And OpenAppID has an advantage – it builds on Snort and, therefore, has millions of potential community members immediately.

When Sourcefire became a part of Cisco, we stated that as one company our commitment to open source security remained strong. OpenAppID is proof of that commitment, demonstrating an investment in open source and development that allows customers and the security community to control their network environment more fully with the ability to address new or specific application-based threats as quickly as possible.

Not only that, but OpenAppID also demonstrates how open source security is woven into the fabric of Cisco’s vision. Bringing the power of open source to application-layer security supports Cisco’s ever-expanding portfolio of threat-centric solutions for the Application Centric Infrastructure.

Based on the tenets of community, collaboration, and trust, open source is an approach that delivers stronger solutions, addresses complex problems, and demonstrates technical excellence, innovation, and dependability.

Check out OpenAppID and the library of over 1,000 OpenAppID detectors at http://www.snort.org.



Authors

Martin Roesch

Vice President and Chief Architect

Cisco Security Business Group