Security Experts:

Connect with us

Hi, what are you looking for?


Network Security

Cisco Releases Alpha Version of Snort 3.0

The popular open source intrusion prevention system (IPS) Snort has been completely rewritten and fitted with several new features, Cisco announced on Thursday.

The popular open source intrusion prevention system (IPS) Snort has been completely rewritten and fitted with several new features, Cisco announced on Thursday.

When it acquired Sourcefire for $2.7 billion in October 2013, Cisco promised to continue supporting Snort and the project has now become the foundation of the company’s Next-Generation IPS. With more than 5 million downloads, Snort is the standard in intrusion detection, and Snort rules are being used by numerous security researchers to share information on bad traffic.

Now, Cisco has released the alpha of Snort++, or Snort 3.0, and the company is asking researchers to give the new version a try.

“This Alpha release is for you to play with. It’s for you to break, it’s for you to test and get back to us about. We need you to break it; we want you to break it. This is not ready for production and should not be used for production, so that gives us the full freedom to work with our community to make Snort 3.0 as strong as possible,” Joel Esler, Threat Intelligence Team Lead and Open Source Manager at Cisco, wrote in a blog post.

It will take months of work until the final version of Snort 3.0 is released. In the meantime, Cisco will publish additional materials to detail the changes and improvements.

First of all, Snort 3.0 brings some changes that make the IPS more user-friendly. This includes built-in documentation and configuration, error support, and configuration verification on startup. Cisco says it’s trying to make the tool easy to learn and use.

The Snort rule language has also been simplified to make it easier to write rules. The list of improvements in this area also includes sticky buffers, custom HTTP buffers, and auto-detection of all protocols.

The command-line shell has been updated and it now allows users to reload a configuration, and even pause and resume a detection. Snort 3.0 also includes support for multithreading, which enables researchers to maintain a single persistent configuration for multiple threads.

Snort 3.0 was developed after Martin Roesch, vice president and chief architect of the Cisco Security Business Group and creator of Snort, started rethinking the tool’s architecture. Some of the new concepts were integrated into the main codebase, but others couldn’t have been rolled out without completely rewriting the tool, Esler explained.

The source code for Snort 3.0 is available on GitHub.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...