The Future of Snort: Why it must change for network security to live.

Expo Theatre (Hall G) October 21, 2008

William Young

With over 3,000,000 downloads, Snort is the most widely deployed and trusted intrusion detection and prevention technology worldwide. How will Snort evolve over the next couple of years to keep up with the ever-changing network security landscape? Join Mr. Young as he shares his vision of future Snort features and why they are needed. This talk will look at how contemporary threats can only be found effectively by understanding a victim’s state, the nature of the threat, and the delivery channel that an attack is using. This is the difference between effective threat analysis and effective threat monitoring. Protecting the network is no longer about protecting just the server side, but also the unmanageable clients as they become unwitting participants in new attack vectors. This talk will explore how some of today’s newest threats cannot be easily identified by current monitoring solutions without significant data aggregation and analysis. We’ll then go into Snort 3.0, address why it was created, the nature of Adaptive IPS, the new Snort 3.0 design, and the strategy for identifying dynamic threats more efficiently. These threats require an aggregated monitoring (not analysis) approach that can combine tools (like Snort, network behavioral analysis, access intelligence, asset information, etc.) to identify and stop threats that require a more flexible, modular monitoring tool, like Snort 3.0.