Cisco Security introduces open source application detection and control

BRACKNELL, UK: Harnessing the power of open source and community, Cisco today announced that the company is delivering the ability to create and integrate new open source application identification capabilities into its Snort engine through the release of OpenAppID.

Open source application detection and control allows users to create, share and implement custom application detection so that they can address new app-based threats as quickly as possible.

Open source application detection and control is enabled by Cisco's new OpenAppID application-focused detection language. OpenAppID provides application visibility, accelerates development of application detectors, and controls and empowers the community to share detectors for greater protection.

As new applications are developed and introduced into corporate environments at an unprecedented rate, this new language provides users with increased flexibility to control new or custom apps on the network. OpenAppID is especially important for organizations utilizing custom-built or specialized applications and those in highly regulated industries that require the highest levels of identification and control.

OpenAppID will accelerate and expand the breadth of application detection, by facilitating open community sharing and enhancement of new application detectors. 

Martin Roesch, creator of Snort and VP and chief architect, Cisco Security Business Group, said, "Open source is very important because it creates real collaboration and trust between vendors and the experts that are tasked with addressing advanced and aggressive threats. By open sourcing application visibility and control, Cisco is empowering the community to create technically superior solutions to address their most complex and unique security challenges."

As part of this announcement, Cisco is delivering a special release of the Snort engine that includes the new OpenAppID preprocessor. This enables the Snort community to begin working with OpenAppID to build application detectors. Included with a future general release of Snort, the OpenAppID-enabled preprocessor supports:

- Detection of applications on the network

- Reporting on the usage statistics of apps (traffic)

- Blocking of applications by policy

- Extensions to the Snort rule language to enable application specification

- Reporting of an "App Name" along with IPS events

In addition, a library of more than 1,000 OpenAppID detectors will be available at no charge through the Snort community. Any community member may contribute additional detectors, including end user organizations with custom applications that are not commercially available.