Improved Threat Detection, Enhanced Alerting, Optimal Hardware Usage
Intrusion Detection / Intrusion Prevention Systems (IDS/IPS) play an essential role in cybersecurity by detecting and blocking threats that have penetrated endpoint and perimeter defenses. Suricata is an open-source IDS/IPS that is commonly used as part of commercial cybersecurity products.
However, Suricata has significant limitations:
- It is blind to certain types of advanced threats
- It generates a large number of false positive alerts
- It consumes considerable hardware resources
These problems can be solved by combining Suricata with Enea traffic intelligence.
ENEA QOSMOS TECHNOLOGY
Boosts Suricata IDS/IPS Performance
- Improves threat detection
- Enhances alerting
- Optimizes hardware
Available as an SDK, CNF, VNF, or Software Sensor, Enea’s Qosmos ixEngine® is a next-generation Deep Packet Inspection (NG DPI) engine that leads the market with accurate classification of more than 4000 protocols and applications, and the ability to generate thousands of types of security and networking metadata, including threat indicators for encrypted and evasive traffic.
When Qosmos ixEngine is integrated with Suricata, it extends and enhances Suricata’s general threat detection capabilities, and enables Suricata rules to be tailored more effectively to customer environments.
This combined value is used to enhance a wide variety of security products, including Cloud Firewalls (FWaaS), Secure Web Gateways (SWG), Next-Generation Firewalls (NGFW), Network Detection and Response (NDR) and Extended Threat Detection and Response (XDR) platforms.
How Qosmos ixEngine Boosts Suricata Capabilities
Qosmos ixEngine enhances Suricata by:
- Enabling rapid development of whitelists and blacklists that leverage Qosmos ixEngine’s expanded protocol coverage (particularly for Cloud, SaaS, IoT/ICS, Messaging, VPN, and Tunneling applications and protocols)
- Improving Suricata’s ability to detect potential threats through unique methods of identifying anomalous and evasive traffic (such as MITM risk scoring)
- Safeguarding Suricata’s ability to detect threats even in fully encrypted environments through Encrypted Traffic Classification (ETC)
- Significantly reducing the high number of false-positive alerts generated by Suricata through increased network visibility and more accurate traffic identification
- Speeding investigations and reducing the need for full packet capture by meeting analytical needs through high-value metadata
- Optimizing memory, CPU resources, and data storage thanks to application-based Suricata flow bypass (fewer packets have to pass through Suricata)
Boost Suricata Threat Detection with Real-Time Traffic Intelligence
Qosmos ixEngine Benefits for IDS/IPS
Global Network Visibility
- Gain real-time L2-to-L7 traffic visibility across diverse environments: mobile and cloud networks, on-premise equipment, IoT devices, applications and containers.
- Identify and classify encrypted traffic without decryption through fine-grained and contextualized metadata and statistics.
- Leverage protocols, metadata, behavioral baselining and analytics to surface new, hard-to-detect threats moving laterally across a network.
- Save valuable SOC staff time (and frustration) by excluding low- or no-value data and better qualifying and funneling alerts.
- Dramatically reduce data storage requirements by excluding safe traffic and reducing the need for full packet capture to support forensics.
- Gain the speed and flexibility needed to secure and manage forthcoming 5G mobile networks.