Open source IDS Suricata 1.3 released

New WAF attack timelines show the start and end of a threat.
No more logs. See how →

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors.

Several characteristics of Suricata make it appropriate for tackling today’s security threats including:

  • An open source engine. The power of the community works well within IT security defenses, as a community is more effective than a single organization at capturing characteristics of emerging threats.
  • Multi-threaded. A multi-threaded architecture allows the engine to take advantage of the multiple core and multiple processor architectures of today’s systems.
  • Supports IP reputation. By incorporating reputation and signatures into its engine, Suricata can flag traffic from known nefarious origins.
  • Automated protocol detection. Preprocessors automatically identify the protocol used in a network stream and apply the appropriate rules, regardless of numerical port.

New features in version 1.3 include:

  • TLS/SSL handshake parser and rule keywords for detecting anomolies in TLS/SSL traffic
  • HTTP user agent keyword for matching directly on User-Agent header
  • On the fly MD5 calculation and matching for files in HTTP streams.
Are you protecting your users and sensitive O365 data from being leaked? Learn how Specops Authentication for O365 can help.