OpenAppID is an application-layer network security plugin for the open source intrusion detection system Snort.

OpenAppID from Cisco helps improve application awareness by allowing Snort users to detect, monitor and manage application usage on their networks, enabling Snort to be used as an open source, customizable application firewall or next-generation firewall.

OpenAppID detectors -- signature files used by OpenAppID to detect network traffic from certain applications -- can be used to identify rogue application use, detect malicious applications and implement various application policies, such as application blacklisting, limiting application usage, and enforcing conditional controls (e.g., allowing Gmail access only if two-factor authentication is leveraged).

As of August 2014, there are more than 2,200 supported detectors for OpenAppID, enabling it to detect more than 1,500 applications. Administrators can also create their own detections to meet specific business needs. Detection information can also be exported from Snort for use by security analytics or security information and event management systems.

OpenAppID was introduced in Snort version 2.9.7 in February 2014.

A sampling of the numerous apps supported by OpenAppID
A sampling of the numerous apps supported by OpenAppID.
This was last updated in August 2014

Continue Reading About OpenAppID

Dig Deeper on Application and platform security