Several characteristics of Suricata make it appropriate for tackling today’s security threats including:
- An open source engine. The power of the community works well within IT security defenses, as a community is more effective than a single organization at capturing characteristics of emerging threats.
- Multi-threaded. A multi-threaded architecture allows the engine to take advantage of the multiple core and multiple processor architectures of today’s systems.
- Supports IP reputation. By incorporating reputation and signatures into its engine, Suricata can flag traffic from known nefarious origins.
- Automated protocol detection. Preprocessors automatically identify the protocol used in a network stream and apply the appropriate rules, regardless of numerical port.
- TLS/SSL handshake parser and rule keywords for detecting anomolies in TLS/SSL traffic
- HTTP user agent keyword for matching directly on User-Agent header
- On the fly MD5 calculation and matching for files in HTTP streams.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.