RSA 2014: Cisco Open Sources App Security Tools

As it builds up its security business following the pricey acquisition of Sourcefire, Cisco has announced the open sourcing of its application detection and monitoring code.

The launch of OpenAppID code brings app detection and reporting capabilities to Snort, the open source network intrusion prevention and detection system created by Sourcefire founder Martin Roesch, Cisco said. It made the announcement ahead of this year’s RSA Conference, taking place in San Francisco this week.

Blocks and alerts will made easily implementable with OpenAppID, according to Cisco, alongside context data that helps IT teams understand where application security issues reside.

Cisco hearts open source?

The networking giant believes this is the first open source project of its kind, as it provides an open language for app identification. On launch, the OpenAppID software will contain a library of over 1000 app IDs for the Snort community.

“That’s not an exhaustive list… we want to encourage people to add to that,” said Leon Ward, UK product manager at Sourcefire.

“When Sourcefire entered the intrusion prevention systems market, we did so into a market that was already mature. The way we achieved success was through openness.

“We’ve learned the open source philosophy fits really well for the security community… it build collaboration and trust.”

Cisco announced the acquisition of Sourcefire for $2.7 billion (£1.7bn) in July, closing the deal in the second half of 2013. Outside of its work on Snort, Cisco has started to integrate Sourcefire’s technologies further this week at RSA Conference.

The Advanced Malware Protection technology has been added to Cisco’s Content Security Portfolio, which includes email and cloud products. AMP uses sandboxing and reputation-based algorithms to determine whether a file is worth worrying about, rather than relying on signatures to detect malware.

How well do you know network security? Try our quiz and find out!