My buddy Aamir wrote a summary of the open source announcement by Cisco at RSA last week (original post can be found HERE). Cisco also announced integrating FireAMP with Cisco email, web and cloud security products. FireAMP gives Cisco products the ability to detect infected files by searching for known hashes, sandboxing unknown files and other detection means. More on the FireAMP capabilities can be found HERE. Another source for these announcements is on the Network World blog found HERE.
At the RSA 2014 Conference in San Francisco, Cisco announced that it is committed to the open source community and will continue to support the Snort and ClamAV open source projects (I did not see anything on the Razorback project).
Additionally, Cisco unveiled a new open source initiative called Open App ID. Open App ID will allow the open source community to contribute code to identify applications through the Snort open-source forum.
Next-generation firewalls (NGFWs) and next-generation IPS (NGIPS) systems are powerful because they can be configured to allow, block, or manipulate traffic based on specific applications or websites. In other words, you can have very different policies on the type of access and services that are allowed through your organization from sites like Facebook and Google, and from applications such as FTP, instant messaging, and mobile apps. Traditionally, firewalls allowed or blocked access. NGFWs, however, give organizations very granular control over individual aspects of applications and websites.
For this to work, NGFW vendors must understand and support the applications and websites you want to create policies for. If they do not support or understand application protocols, then the NGFW, for the most part, just acts as a traditional firewall. Generally, the more applications an NGFW can identify, the more desirable it is, because it is considered much more versatile.
So far, vendors have been playing a cat-and-mouse game, trying to identify applications and features and add them to their products before their competitors do. Each vendor has its own way of identifying applications. If Open App ID is successful, it will put all vendors on the same playing field by providing a standard way to identify applications that could be used by any vendor or individual.
Application identification is big money, and usually the secret sauce for most NGFW vendors. It remains to be seen how many vendors will participate in the program, or how successful the open source community will be in contributing code. Critics may argue Cisco was behind its competitors in the number of applications its NGFW products identified and in how well they identified them. Therefore, there is very little for Cisco to lose by contributing to Open App ID, and lots to gain. It could allow Cisco to quickly build up the number of applications its products can identify.
Established vendors who support a large number of application protocols will most likely ignore Open App ID. However, NGFW vendors who have had trouble competing with those vendors will benefit if the open source community starts contributing code to identify applications. Open App ID's success will depend on how involved the open source community is, as well as how many vendors outside Cisco use and contribute to Open App ID.