CYBERSECURITY USE CASE

Suricata IDS/IPS

Boost Suricata IDS/IPS Performance with Real-Time Traffic Intelligence

Enhance Suricata capabilities with DPI-based traffic intelligence

Improved Threat Detection, Enhanced Alerting, Optimal Hardware Usage

Intrusion Detection and Intrusion Prevention Systems (IDS/IPS) play an essential role in cybersecurity by detecting and blocking threats that have already penetrated endpoint and perimeter defenses. Suricata is an open source IDS/IPS engine that is commonly embedded in commercial cybersecurity products.

However, on its own Suricata has significant limitations:

  • It cannot see certain types of advanced threats, particularly in encrypted or evasive traffic
  • It generates a large number of false positive alerts
  • It consumes considerable hardware resources

These problems can be solved by combining Suricata with Enea traffic intelligence.

ENEA QOSMOS TECHNOLOGY

Boosts Suricata IDS/IPS Performance

  • Improves threat detection
  • Enhances alerting
  • Optimizes hardware

Available as an SDK, CNF, VNF, or Software Sensor, Enea’s Qosmos ixEngine® is a next-generation Deep Packet Inspection (NG DPI) engine that leads the market with accurate classification of more than 4000 protocols and applications, and the ability to generate thousands of types of security and networking metadata, including threat indicators for encrypted and evasive traffic.

When Qosmos ixEngine is integrated with Suricata, it extends and enhances Suricata’s general threat detection capabilities, and enables Suricata rules to be tailored more effectively to customer environments.

This combination is used to enhance a wide variety of security products, including Cloud Firewalls (FWaaS), Secure Web Gateways (SWG), Next-Generation Firewalls (NGFW), Network Detection and Response (NDR) and Extended Detection and Response (XDR) platforms.

51% of cybersecurity professionals want better detection of anomalous and evasive traffic

How Qosmos ixEngine Boosts Suricata Capabilities

Qosmos ixEngine enhances Suricata by:

  • Enabling rapid development of whitelists and blacklists that leverage Qosmos ixEngine’s expanded protocol coverage (particularly for Cloud, SaaS, IoT/ICS, Messaging, VPN, and Tunneling applications and protocols)
  • Improving Suricata’s ability to detect potential threats through unique methods of identifying anomalous and evasive traffic (such as MITM risk scoring)
  • Preserving Suricata’s ability to detect threats even in fully encrypted environments through Encrypted Traffic Classification (ETC)
  • Significantly reducing the number of false-positive alerts generated by Suricata through increased network visibility and more accurate traffic identification
  • Speeding investigations and reducing the need for full packet capture by meeting most analytical needs with high-value metadata
  • Optimizing memory, CPU and data storage thanks to application-based Suricata flow bypass (once a flow is classified as known-good, its remaining packets no longer have to go through Suricata)
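Suricata has a native hook for the application-based flow bypass and allowlisting described above: the `bypass` rule keyword, which tells the engine to stop inspecting a flow as soon as the rule matches. The rule file below is an added example, not Enea's integration code and not from this page; it assumes Suricata 5.0 or later (for the `tls.sni` sticky buffer, the `dotprefix` transform and `endswith`), the default `$HOME_NET`/`$EXTERNAL_NET` variables, and a vetted domain and sid that are constructed for illustration.

```text
# Constructed example rules (not from the page or from Enea).
# Assumed: Suricata 5.0+, default $HOME_NET/$EXTERNAL_NET, an operator-vetted allow list.

# Allowlist: once the TLS SNI identifies a flow as going to a vetted SaaS domain,
# stop inspecting the rest of the flow. "dotprefix" + "endswith" make the match
# cover example.com and *.example.com but not notexample.com.
# "bypass" removes the flow from detection; with a capture method that supports
# hardware/kernel bypass (AF_PACKET eBPF, NFQ marks) later packets never reach
# the engine at all, which is where the CPU and memory savings come from.
pass tls $HOME_NET any -> $EXTERNAL_NET 443 (msg:"Bypass vetted SaaS flow (example.com)"; flow:established,to_server; tls.sni; dotprefix; content:".example.com"; endswith; bypass; sid:1000001; rev:1;)

# Denylist counterpart: an unvetted SNI that should never be bypassed, alerted on
# before any allow rule can apply. Suricata evaluates pass rules first by default,
# so keep allow-list patterns narrow: anything bypassed is invisible to every
# later alert rule for the remainder of that flow.
alert tls $HOME_NET any -> $EXTERNAL_NET 443 (msg:"TLS to unvetted domain (example.net)"; flow:established,to_server; tls.sni; dotprefix; content:".example.net"; endswith; sid:1000002; rev:1;)
```

Two caveats a practitioner should weigh. First, a bypassed flow is gone for good: if the classification that triggered the bypass was wrong (a spoofed SNI, a domain that later turns malicious), Suricata will not see the rest of the session, so bypass only on identifiers you trust and keep the pass rules narrow. Second, Suricata's coarser built-in alternative is `app-layer.protocols.tls.encryption-handling: bypass` in suricata.yaml, which drops every TLS flow from inspection after the handshake regardless of application; application-level classification of the kind described on this page is what lets you bypass known-good SaaS traffic while still inspecting encrypted flows you cannot vouch for.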

SOLUTION BRIEF

Boost Suricata Threat Detection with Real-Time Traffic Intelligence


Qosmos ixEngine Benefits for IDS/IPS

Global Network Visibility

  • Gain real-time L2-to-L7 traffic visibility across diverse environments: mobile and cloud networks, on-premise equipment, IoT devices, applications and containers.
  • Identify and classify encrypted traffic without decryption through fine-grained, contextualized metadata and statistics.
  • Leverage protocols, metadata, behavioral baselining and analytics to surface new, hard-to-detect threats moving laterally across a network.

Critical Efficiency

  • Save valuable SOC staff time (and frustration) by excluding low- or no-value data and better qualifying and funneling alerts.
  • Dramatically reduce data storage requirements by excluding safe traffic and reducing the need for full packet capture to support forensics.

Deployment Agility

  • Deploy as an SDK, CNF, VNF (Qosmos ixEngine) or Software Sensor (Qosmos Probe) to adapt to continuously evolving network environments.
  • Gain the speed and flexibility needed to secure and manage forthcoming 5G mobile networks.

TECHNICAL DEMO VIDEO

Boosting Suricata with DPI-Based Traffic Intelligence


ON-DEMAND WEBINAR

2022 State of IDS/IPS: Adapt or Die?

DATASHEET

Qosmos ixEngine: Next-Generation DPI for Maximum Traffic Visibility