Log in
Show password
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Dynamic quotes 


Delayed Quote. Delayed Nasdaq - 01/18 04:00:00 pm
59.73 USD   -2.66%
01/18CISCO : Protecting Secrets / Variables Using HashiCorp Vault Secret Manager
01/18CISCO : UCS and Cisco MDS
01/18CISCO : The why and how of AI-enhanced infrastructure
SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector newsMarketScreener Strategies

Cisco : Snort 3 Anywhere

12/02/2021 | 02:51pm EST


We are proud to announce that Snort 3 is officially availablein a container form factor (called "Snort 3 Anywhere") on AWS Marketplace to be consumed in your Kubernetes cluster either running on AWS or On-prem. It's yet another way that we are fulfilling our vision to simplify security for networks, workloads, and applications across your multi-cloud world.

I am pretty sure you know about Snort, Cisco's very own piglet. Snort has a long history and is the most recommended, de facto intrusion prevention engine in the industry which is in the hall of fame of greatest open-source software of all time. Snort is widely used, in several of our own products including Cisco Secure Firewall, Cisco Umbrella, Meraki MX, and used by other industry partners. It is also available as a stand-alone open-source package.

The time has come to send Snorty, our pig mascot, on another journey to secure the container revolution…

The Container Revolution

The past couple of years there has been a tremendous increase in demand for container technologies, and the need to consume capabilities in a containerized form factor. This has fueled the evolution of Cloud Native architectures both on-prem and in the cloud.

As a natural reaction, everyone in the market has started to deliver container-based solutions to satisfy customer needs. Some of the most popular solutions leverage Docker and Kubernetes technologies.

A short clarification here if you're lost: Docker itself is an open-source technology (and container file format) which provides a way to containerize applications. It allows you to build and run containers while you develop them. When you have so many containers that you can't handle them, that's where Kubernetes become effective. It provides an ecosystem to deal with scaling, complexity, self-healing, deploying, and orchestrating your containers across multiple servers.

One more technology worth mentioning is called Helm. It plays a key role in the solution described below. Quoting from Helm's site: "Helm is a tool for managing Kubernetes packages called charts." In essence, you can use Helm charts to bundle all the information required for Kubernetes to instantiate containers. (Think about bootstrap parameters, dependency management, release metadata for lifecycle management.)

The Challenge

Recently, the growth of distribution channels for containers has made it challenging for customers to consume these products from a single secure and trusted catalogue. If you have hybrid-cloud (a mix of on-prem and cloud) environments - the challenge is even greater.

In more technical terms, there are many different "Artifact Registries" that customers can use in their Kubernetes deployments to access/consume/deploy different solutions provided in a container form factor.

This creates multiple challenges for procurement, security, compliance, and finance teams to manage all the relations, contracts, certify container applications, and release them for consumption in production environments. The pain this challenge creates will only worsen over time, if not addressed.

The Solution

With the latest addition to AWS Marketplace, which is called "Containers Anywhere" - AWS took a bold step to offer a solutionfor the above-mentioned challenges customers face.

With the help of AWS Marketplace Container Anywhere - customers can browse, subscribe to, and deploy third party Kubernetes applications through the marketplace. This helps to ease constraints about security, relationship management with different vendors, monitor utilization and billing. The containers offered in the marketplace are vetted through AWS to ensure safety and security.

How does our little Snorty piglet come into play here?

The new offer called "Snort 3 Anywhere" is delivered via Helm chart on the AWS Marketplace which can be easily deployed and used both in AWS and on-prem Kubernetes clusters.

The offerincludes a 1 year Business Subscription for the proprietary snort rules, hence the price tag. (Snort3 itself is open-source and free to use under GPLv2 - so you essentially need to pay for the business rule subscription)

Use Cases

Now a little bit about the specifics…

Use cases supported by this offer in AWS Container environments:

Snort has been enhanced with a new data acquisition module (DAQ) - that handles the Geneve Encapsulated packets coming out from a GWLB.

Implementing like this enables flexibility for inspecting packets inline or passive mode, but transparently to your environment, leveraging the power of Snort to secure your resources in Amazon ECS, EKS or EKS Anywhere environments. In case of passive mode, the snort instance will be still forwarding traffic, but it will only generate "would have been blocked" events - this is required because we need to send back the inspected traffic to the wire towards the GWLB and encapsulate it with Geneve.

The use cases supported by this offer in an On-prem Kubernetes environment:

  • Inline mode deployment
  • Passive mode deployment

In an on-prem environment for both inline and passive modes we use the well-known afpacket DAQ module.

The DAQ configuration needs to be edited depends on whether you will use snort in AWS or On-prem Kubernetes environment. You can find the daq parameter under the snort3 section in the "values.yaml" file which is part of the Helm chart. You can set it to "gwlb" in case of AWS or "afpacket" for on-prem. In this file you can also configure custom interfaces and set snort from inline to passive mode. The rest of snort parameters and other configuration can be accessed under this link.

As you can see with the help of the Snort 3 Anywhere solution, you can harness the power of Snort in both on-prem and AWS Kubernetes environments, and you can build and customize it to your needs.

In case if you need a more robust cloud native security solution which is orchestrated by Kubernetes and provides REST API support, please check out our Cisco Secure Firewall Cloud Nativeproduct.

Further resources:

We'd love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels




Cisco Systems Inc. published this content on 02 December 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 02 December 2021 19:50:06 UTC.

ę Publicnow 2021
All news about CISCO SYSTEMS, INC.
01/18CISCO : Protecting Secrets / Variables Using HashiCorp Vault Secret Manager
01/18CISCO : UCS and Cisco MDS
01/18CISCO : The why and how of AI-enhanced infrastructure
01/18CISCO : Batteries Included! Introducing Intersight Workload Engine
01/18CISCO : Go Green(er) with Network Automation
01/18CISCO : “Small Business, Big Solutions” Podcast Launches on Cisco Podcast Netw..
01/18CISCO : Channel Chief's Anti-Counterfeit Message
01/18CISCO : Sustainability in Retail
More news
Analyst Recommendations on CISCO SYSTEMS, INC.
More recommendations
Financials (USD)
Sales 2022 52 740 M - -
Net income 2022 12 226 M - -
Net cash 2022 18 811 M - -
P/E ratio 2022 20,6x
Yield 2022 2,53%
Capitalization 252 B 252 B -
EV / Sales 2022 4,42x
EV / Sales 2023 4,07x
Nbr of Employees 79 500
Free-Float 99,9%
Duration : Period :
Cisco Systems, Inc. Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends CISCO SYSTEMS, INC.
Short TermMid-TermLong Term
Income Statement Evolution
Mean consensus OUTPERFORM
Number of Analysts 29
Last Close Price 59,73 $
Average target price 63,55 $
Spread / Average Target 6,39%
EPS Revisions
Managers and Directors
Charles H. Robbins Chairman & Chief Executive Officer
Richard Scott Herren Chief Financial Officer & Executive VP
Jacqueline Guichelaar Group Chief Information Officer & Senior VP
Roland Acra Chief Technology Officer & Senior Vice President
Maria Martinez Chief Operating Officer & Executive Vice President
Sector and Competitors
1st jan.Capi. (M$)
CISCO SYSTEMS, INC.-5.74%251 918
ARISTA NETWORKS, INC.-11.59%39 053
ERICSSON4.22%37 988
NOKIA OYJ-7.32%33 055