The need for Snort 3
As we briefly saw in this chapter, Snort started with a very humble goal. As networks, protocols, and the nature of security threats evolved, Snort also grew and evolved. It is not the IDS for small networks anymore! Today, Snort can hold its own against any commercial or open source IDS/IPS. It is one of the best in the IDS/IPS space.
That said, the nature of threats and the internet itself continue to change, and Snort has to evolve as well. Snort 3 has been cooking for a long time. Snort versions 1 and 2 are single-threaded. For higher performance, the solution was to run multiple instances of Snort. However, this approach has several challenges, which are as follows:
- The multiple instances of Snort do not share state between them. This limits the possibility of information sharing between sessions and improving detection.
- Performance challenges.
- Various limitations specific to individual modules, such as the following:
  - Complex implementation...