Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors.
Suricata is the result of more than two years of development led by the OISF and includes contributions from more than 25 developers, who have collaborated to produce many major advances in IDS technology.
The OISF initiated the project with funding from the U.S. Department of Homeland Security, and a consortium of private organizations have contributed to the project, including IT security companies such as Endace, Everis and NitroSecurity. The project has been designed to facilitate community, commercial and government collaboration in a safe and mutually beneficial environment.
Several characteristics of Suricata make it appropriate for tackling today’s security threats including:
- An open source engine. The power of the community works well within IT security defenses, as a community is more effective than a single organization at capturing characteristics of emerging threats.
- Multi-threaded. A multi-threaded architecture allows the engine to take advantage of the multiple core and multiple processor architectures of today’s systems.
- Supports IP reputation. By incorporating reputation and signatures into its engine, Suricata can flag traffic from known nefarious origins.
- Automated protocol detection. Preprocessors automatically identify the protocol used in a network stream and apply the appropriate rules, regardless of numerical port.