Exploring Snort

The pig that makes your network fly…

 

Introduction

The internet can be a dangerous place, with malware, ransomware, worms and botnets to name just a few things. How can you keep your organization and its data safe?  The Meraki MX leverages some industry-leading security technologies and puts them in the hands of users, network operators and partners whilst simultaneously making them easy to enable.  

In this blog post, we will explore one of the security technologies that Meraki utilizes to help keep users safe, namely Snort, which is an open-source network intrusion detection system/intrusion prevention systems (IDS/IPS).

What exactly is IDS/IPS?

Before we talk about why we think Snort is great, we first need to talk about what an IDS/IPS is.  

IDS/IPS systems are devices or software that monitors networks or computers to detect malicious or anomalous behaviour.  An IDS simply alerts the network or system operators of malicious or anomalous behaviour, whereas IPS will also actively prevent this behaviour.  

To provide an analogy, think of a firewall as a door securing access in and out of a controlled area.  The IDS is akin to a security camera pointing at the door, whereas an IPS is a security camera with frickin’ lasers!

image credit: thinkgeek.com

Why is Snort #1 in the industry?

For a start, Snort, under the guise of Cisco, has consistently been in the upper right-hand corner of Gartner’s Magic Quadrant for IPS for many years.  Fundamentally, Snort is the #1 IPS in the world because it is the most widely deployed, with over 4 million downloads open-source variant alone. That doesn’t even take into account the variants running on Cisco FirePower Firewalls, Cisco ASA with FirePower services firewalls, and Cisco Meraki MX security appliances.  

The open source nature of Snort’s development provides the following benefits:

  • Rapid responseCisco Talos is constantly (24x7x365) updating the rulesets that Snort uses, meaning organizations that leverage Snort are quickly protected from emerging threats.
  • Greater accuracy – The rulesets running on Snort are reviewed, tested, and improved upon by the community of users, which means organizations using Snort are leveraging the knowledge of security teams worldwide.
  • High adaptability – The open source nature of Snort means that companies and organizations can build the power of Snort directly into their own applications.

Snort isn’t a silver bullet on its own,  but no security technology is.  That is why at Meraki we expose the threat information identified by Snort and other technologies in a single pane of glass, enabling network defenders to  quickly and easily understand whether a threat is targeted (and hence serious) or part of the background of the internet.

That single panel of glass is the Meraki Security Center, and it allows network defenders to see all threat data in a given network for 30 days and, in three or four clicks, lock in on a potential issue whilst cutting through the noise.

Talos?

In its own words, Cisco Talos is the industry-leading threat intelligence group fighting the good fight!  They are a team of exceptionally talented women and men who peer into the dark corners of the internet to protect your organization’s people, infrastructure and data.  Their researchers, data scientists and engineers deliver protection against attacks and malware that underpins the entire Cisco security ecosystem, Meraki included.

If you would like to learn more about Cisco Talos, then we recommend subscribing to the ‘Beers with Talos’ podcast and listen to Mitch, Craig, Joel, Matt & Nigel break down the latest threats and trends.  With the exception of Nigel (who does support the best football team in the world, so he gets a pass), the Beers with Talos team runs Meraki MX Security Appliances in their home networks!

Conclusion

The implementation of Snort on Meraki’s MX security appliances typifies Meraki’s philosophy; we take an industry leading, best-in-class technology and we make it simple to enable and configure.  All while making the data you get from it both easy to understand and to act on.

If you think your organization could benefit from the power and simplicity of Snort in the Meraki MX Security Appliance, contact Meraki sales today.

References