Sourcefire's Roesch: How Snort can normalize JavaScript, model rules

SAN FRANCISCO -- In the hearts and minds of information security practitioners, arguably no tool is as beloved as Snort, Sourcefire Inc.'s venerable open source intrusion detection system for Windows and Unix.

"It was a perfect software project," said Snort creator Martin Roesch, Sourcefire's chief technology officer, "because you never had to finish it and you interacted directly with the users."

Even though Snort celebrates its 15th anniversary this year, Roesch said there are plenty of new features for the passionate Snort user community to get excited about.

In this interview, conducted at the 2013 RSA Conference, Roesch discussed some of Snort's recently added capabilities, including JavaScript normalization for examining obfuscated code, file analyzers and anti-evasion technology. Roesch also reflected on why Snort has enjoyed so much success, how much coding he gets to do these days, and what the future of Snort may hold.

Editor's note: Roesch's title was interim CEO at the time of the interview.

View All Videos

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.