A Call for Snort 3.0 Security Expertise
While there’s a lot of legitimate criticism these days about the state of both endpoint and network security, things would be a whole lot worse without anti-malware and network security software. That means keeping those technologies relevant now and into the future is absolutely every managed security service provider’s business.
When it comes to intrusion prevention systems (IPS) software, nothing is more widely deployed than Snort, an open source solution that runs on hundreds of thousands of devices and appliances.
And as an alpha version of Snort 3.0 becomes available, Joel Esler, threat intelligence lead and open source manager for Cisco, said his company and the primary developers of Snort are trying to enlist the aid of the broader security community to harden an update that is not only multi-threaded, but also programmable.
Help wanted: security experts
That programmability element of Snort is critical for managed security service providers (MSSPs). As the number of devices that get connected to the Internet continues to increase exponentially, Esler said the need for a more robust IPS that can dynamically adjust to changing security events has become a critical requirement. But rather than simply deploying an update to Snort in the field, Esler said Cisco and the rest of the Snort community want to enlist the aid of as many security experts as possible to help harden Snort 3.0 as it moves into production sometime in 2015.
Given the scale at which IT will need to be deployed through the rest of the decade, having security infrastructure that is programmable is nothing short of critical. There simply won’t ever be enough security professionals to go around. As such, more security functions need to be automated using any number of programming languages.
The cyber arms race
The most challenging aspect of all this is that IT security is already falling behind in this regard. Cybercriminals are now not only much better organized, they have access to automation tools that allow them to either better target attacks or launch ones that are designed to exploit any number of vulnerabilities at an unbelievable scale. Unless MSSPs have access to equally robust defense technologies, the IT security battle will continue to be very one-sided. This issue speaks not only to effectively securing the assets of the customer; it speaks directly to the profitability of the MSSP.
To say that MSSPs have a vested interest in Snort 3.0 is putting it mildly. While there’s a lot of legitimate criticism these days about the state of both endpoint and network security, the one thing that is for certain is that things would be a whole lot worse without anti-malware and network security software. That means keeping those technologies relevant now and into the future is absolutely every MSSP’s business.