Popular open source intrusion detection and prevention system Snort has received a major upgrade, with several new features including the ability to run across multiple environments and operating systems.
Snort 3, which analyzes network traffic in real time to detect and prevent all kinds of attacks and malicious traffic over the network, started out like any other open source project, but is now developed by Cisco.
While Snort has become one of the most popular solutions for thwarting network attacks, the increasing complexity of the attacks and the changing deployment landscape called for a new solution. “When we started thinking about what the next generation of IPS looked like, we decided to start from scratch,” the company wrote in its release announcement.
Back to formula
The long-anticipated release is the culmination of over seven years of development. “After many years of success, it is time for Snort to evolve by incorporating lessons we had learned over the many years of the software’s existence and make it even more effective,” acknowledged the developers.
One of the major highlights of Snort 3 is that it now supports multiple environments and operating systems.
The new release is more efficient thanks to support for multiple packet processing threads, which makes Snort 3 more scalable. It’s also now easier to write detection rules thanks to a new rule syntax that’s more concise.
The release also enhances Snort’s HTTP/2 inspection and network discovery capabilities, along with several other changes both in the back-end and to the user interface.