How one security firm has embraced open source application detection


by Duncan MacRae| 26 February 2014

Cisco Security's OpenAppID language aims to enable rapid community development of application controls.

Cisco has begun delivering the ability to create and integrate new open source application identification capabilities into its Snort engine (an open source network intrusion prevention and detection system) through the release of OpenAppID.

Open source application detection and control allows users to create, share and implement custom application detection so that they can address new app-based threats as quickly as possible.

It is enabled by Cisco's new OpenAppID application-focused detection language. This aims to provide application visibility, accelerates development of application detectors, and controls and empowers the community to share detectors for greater protection. As new applications are developed and introduced into corporate environments at an unprecedented rate, this new language provides users with increased flexibility to control new or custom apps on the network.

Cisco believes OpenAppID is especially important for organisations utilising custom-built or specialised applications and those in highly regulated industries that require the highest levels of identification and control.

Kevin Kerr, CISO and senior advisor, risk management at Oak Ridge National Laboratory, said: "As a long-time Snort user, we rely on the flexibility, transparency and control that open source tools give us to better protect our entire environment.

"While proprietary systems leave us beholden to update cycles and priorities, open source allows us to tailor protection at our convenience. By delivering application detection and control to the open source community, Cisco is empowering users with the ability to create custom application detectors and take action to address new threats in real time."

Marty Roesch, creator of Snort and VP and chief architect, Cisco Security Business Group, said: "Open source is very important because it creates real collaboration and trust between vendors and the experts that are tasked with addressing advanced and aggressive threats. By open sourcing application visibility and control, Cisco is empowering the community to create technically superior solutions to address their most complex and unique security challenges."

Cisco has also delivered a special release of the Snort engine that includes the new OpenAppID preprocessor. This enables the Snort community to begin working with OpenAppID to build application detectors.


Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

716 people like this.
1535 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.