Skip to main content

Open source security software Snort gets a major upgrade

security
(Image credit: Pixabay)

Popular open source intrusion detection and prevention system Snort has received a major upgrade, featuring several new features including the ability to run across multiple environments and operating systems.

Snort 3, which analyzes network traffic in real-time to detect and prevent all kinds of attacks and malicious traffic over the network, started out as any other open source project, but is now developed by Cisco.

While Snort has become one of the most popular solutions for thwarting network attacks, the increasing complexity of the attacks and the changing deployment landscape called for a new solution. “When we started thinking about what the next generation of IPS looked like, we decided to start from scratch,” the company wrote in its release announcement.

Back to formula

The long anticipated release is the culmination of over seven years of development. “After many years of success, it is time for Snort to evolve by incorporating lessons we had learned over the many years of the software’s existence and make it even more effective,” acknowledged the developers.

One of the major highlights of Snort 3 is that it now supports multiple environments and operating systems. 

The new release is more efficient thanks to support for multiple packet processing threads, which makes Snort 3 more scalable. It’s also now easier to write detection rules thanks to a new rule syntax that’s more concise. 

The release also enhances Snort’s HTTP/2 inspection and network discovery capabilities, along with several other changes both in the back-end and to the user interface.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.