Popular open source intrusion detection and prevention system Snort has received a major upgrade that brings several new features, including the ability to run across multiple environments and operating systems.
Snort 3, which analyzes network traffic in real time to detect and prevent all kinds of attacks and malicious traffic over the network, started out like any other open source project, but is now developed by Cisco.
While Snort has become one of the most popular solutions for thwarting network attacks, the increasing complexity of the attacks and the changing deployment landscape called for a new solution. “When we started thinking about what the next generation of IPS looked like, we decided to start from scratch,” the company wrote in its release announcement.
Back to formula
The long-anticipated release is the culmination of over seven years of development. “After many years of success, it is time for Snort to evolve by incorporating lessons we had learned over the many years of the software’s existence and make it even more effective,” acknowledged the developers.
One of the major highlights of Snort 3 is that it now supports multiple environments and operating systems.
The new release is more efficient thanks to support for multiple packet processing threads, which makes Snort 3 more scalable. It’s also now easier to write detection rules thanks to a new rule syntax that’s more concise.
The release also enhances Snort’s HTTP/2 inspection and network discovery capabilities, along with several other changes both in the back-end and to the user interface.