Cisco has released open source security software designed for building secure corporate Internet firewalls called OpenAppID.
What the company is actually doing is working to integrate new open source application identification capabilities into its Snort engine through the release of OpenAppID.
Open source application detection and control allows users to create, share and implement custom application detection so that they can address new app-based threats as quickly as possible.
NOTE: Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire (acquired by Cisco last summer) — Snort combines the benefits of signature, protocol and anomaly-based inspection.
While the open source community had previously postulated as to how far Cisco would develop Snort (as a company NOT famed for open source development) we now see Cisco saying it is dedicated to making it happen.
Open source application detection and control here is enabled by Cisco’s new OpenAppID application-focused detection language.
OpenAppID provides application visibility, accelerates development of application detectors, and controls and empowers the community to share detectors for greater protection.
“As new applications are developed and introduced into corporate environments at an unprecedented rate, this new language provides users with increased flexibility to control new or custom apps on the network. OpenAppID is especially important for organisations utilising custom-built or specialised applications and those in highly regulated industries that require the highest levels of identification and control,” said Cisco.
Kevin A. Kerr is chief information security officer and senior advisor on risk management at Oak Ridge National Laboratory.
Kerr has argued that while proprietary systems have left his team “beholden to update cycles” in the past, open source allows him to tailor protection at his convenience.
“By delivering application detection and control to the open source community, Cisco is empowering users with the ability to create custom application detectors and take action to address new threats in real time,” said Kerr.
Not Very Open Source so far Cisco
Once again, the Not Very Open Source so far Cisco did in fact last year announced it was joining IBM (and others in the networking business) to create an open source framework to ensure various vendors products work appropriately together.
Martin Roesch, creator of Snort and vice president and chief architect of Cisco Security Business Group said, “Open source is very important because it creates real collaboration and trust between vendors and the experts that are tasked with addressing advanced and aggressive threats.”
As part of this announcement, Cisco is delivering a special release of the Snort engine that includes the new OpenAppID preprocessor. This enables the Snort community to begin working with OpenAppID to build application detectors. Included with a future general release of Snort, the OpenAppID-enabled preprocessor supports: