By Steve Chew.
Snort 3 includes native support for Hyperscan pattern matching. Hyperscan is an open-source, high-performance, regular expression-matching library from Intel that runs on x86 platforms. It supports a large subset of the PCRE syntax and takes advantage of the Intel SIMD instructions. However, it is not yet available for ARM processors.
Hyperscan provides a significant boost for Snort 3's IPS fast pattern matching when compared to the other available search engines. Hyperscan is up to two times faster than the ac_full engine and three times faster than ac_bfna. Snort 3 will see the most benefit from Hyperscan when using a large ruleset and when doing deep flow inspection.