The Next Generation Open IDS Engine Suricata and Emerging Threats
2 likes1,889 views
The Next Generation Open IDS Engine Suricata and Emerging Threats Matt Jonkman, Open Information Security Foundation/Emerging Threats.net
The Next Generation Open IDS Engine Suricata and Emerging Threats
- 1. Open Information Security Foundation Suricata, The Next Generation IPS Balancing Open Security Software with Commercial Interests Tuesday, August 3, 2010
- 2. Introduction EmergingThreats.net Open Information Security Foundation OpenInfoSecFoundation.org Tuesday, August 3, 2010
- 3. A Few Truths Great Ideas Often Result from Open Collaboration Tuesday, August 3, 2010
- 4. A Few Truths Open Source Projects Dont Become Effective Complete Products on Their Own Tuesday, August 3, 2010
- 5. A Few Truths Open Community Hippies Dont Trust Vendors Tuesday, August 3, 2010
- 6. A Few Truths Vendors Dont Collaborate With Open Community Hippies Well Tuesday, August 3, 2010
- 7. A Few Truths The Military Doesnt Trust Open Community Hippies Tuesday, August 3, 2010
- 8. A Few Truths Vendors try to Reinvent the Wheel on Every Military Contract Tuesday, August 3, 2010
- 9. The Result We have a Hippie-Vendor-Mil Gap Tuesday, August 3, 2010
- 10. Fixing it... Tuesday, August 3, 2010
- 11. Fixing it... (please dont laugh) Tuesday, August 3, 2010
- 12. Fixing it... (please dont laugh) Tuesday, August 3, 2010
- 13. Fixing it... (please dont laugh) We Involve The Government Tuesday, August 3, 2010
- 14. Fixing it... (please dont laugh) We Involve The Government Tuesday, August 3, 2010
- 15. A Case Study Tuesday, August 3, 2010
- 16. A Case Study Intrusion Detection Systems Tuesday, August 3, 2010
- 17. A Case Study Intrusion Detection Systems 12+ Years Old Tuesday, August 3, 2010
- 18. A Case Study Intrusion Detection Systems 12+ Years Old Open and Proprietary Tuesday, August 3, 2010
- 19. A Case Study Intrusion Detection Systems 12+ Years Old Open and Proprietary Productized by EV Tuesday, August 3, 2010
- 20. A Case Study In the last 5 years No Innovation. Nada. Zilch. Nothing. Tuesday, August 3, 2010
- 21. A Case Study IDS is Dead. -Gartner Tuesday, August 3, 2010
- 22. IDS Intrusion Detection Has Not: Innovated Gone Multi-Threaded Integrated with other technologies Risen to solve our new threats Tuesday, August 3, 2010
- 23. Tuesday, August 3, 2010
- 24. OISF Tuesday, August 3, 2010
- 25. OISF Non-Pro鍖t Foundation Tuesday, August 3, 2010
- 26. OISF Non-Pro鍖t Foundation Initially DHS Funded Tuesday, August 3, 2010
- 27. OISF Non-Pro鍖t Foundation Initially DHS Funded OSH, Mil, and EV Involvement Tuesday, August 3, 2010
- 28. The Dirty Little Secret Tuesday, August 3, 2010
- 29. The Dirty Little Secret Its working! Tuesday, August 3, 2010
- 30. The Dirty Little Secret Its working! Why? Tuesday, August 3, 2010
- 31. The Dirty Little Secret Tuesday, August 3, 2010
- 32. The Dirty Little Secret The OSH, EV, Consumers, Mil, and Government Tuesday, August 3, 2010
- 33. The Dirty Little Secret The OSH, EV, Consumers, Mil, and Government ALL WANT THE SAME THING Tuesday, August 3, 2010
- 34. The Dirty Little Secret New Ideas Constant Innovation Reliable Implementations Effective Support Put their Kids through College Tuesday, August 3, 2010
- 35. Consortium Tuesday, August 3, 2010
- 36. Consortium Vendors are part of a Consortium Tuesday, August 3, 2010
- 37. Consortium Vendors are part of a Consortium 50/50 voting rights with the Community Tuesday, August 3, 2010
- 38. Consortium Vendors are part of a Consortium 50/50 voting rights with the Community Support required for a non-GPL license Tuesday, August 3, 2010
- 39. OISF Consortium Tuesday, August 3, 2010
- 40. Consortium Currently Bringing in 19 New Members Global Defense Contractors... Several Government Research Groups Many CERTs Universities Security Vendors (that use other engines...) Tuesday, August 3, 2010
- 41. The Engine Tuesday, August 3, 2010
- 42. Features Major Goals Tuesday, August 3, 2010
- 43. Features Multi-Threading Tuesday, August 3, 2010
- 44. Features Native IPv6 Support Tuesday, August 3, 2010
- 45. Features Snort Syntax with additions Tuesday, August 3, 2010
- 46. Features Automatic Protocol Detection Tuesday, August 3, 2010
- 47. Features High Speed Regex Tuesday, August 3, 2010
- 48. Features Advanced HTTP Parsing Tuesday, August 3, 2010
- 49. Features Multiple Model Statistical Anomaly Detection Tuesday, August 3, 2010
- 50. Features Native Hardware Acceleration Support Tuesday, August 3, 2010
- 51. Features GPU Acceleration Tuesday, August 3, 2010
- 52. Features IP Reputation Distributed Blocking and Feedback Tuesday, August 3, 2010
- 53. Features Scoring Thresholds Tuesday, August 3, 2010
- 54. Features Very High Speed Regex Tuesday, August 3, 2010
- 55. Features In Stream File Extraction Tuesday, August 3, 2010
- 56. Features Web-Based Config Manager Tuesday, August 3, 2010
- 57. Other Features HTTP Access Logging SMB Access/Action Logging Windows INLINE Support Full Windows Support Virtual Environment Support Stopbadware.org URI Matching Passive SSL Decryption Tuesday, August 3, 2010
- 58. Features Go ask your Commercial Vendor for any of that.... Tuesday, August 3, 2010
- 59. Status Releases Initial Stable Release, December 31, 2010 Second Stable Release, February 15, 2010 Phase One RC1, May 6, 2010 Phase One Production, July 1, 2010 Tuesday, August 3, 2010
- 60. Get Involved Brainstorming Meeting July 16, 2010 San Francisco Tuesday, August 3, 2010
- 61. Get Involved Interim Goals: Architecture Documentation Performance Optimization Run Mode Support (Likely Endace completed) Error Code Cleanup and Documentation Full Documentation (community interactable docs) Advanced Pro鍖ling and Engine stats Accuracy Improvements Add Protocol Detections (SMTP, etc) Classi鍖cations Update 2.8.6 Compatibility LibHTP Error Handling Heavy Inline Testing Tuesday, August 3, 2010
- 62. Get Involved Phase Two: Max Inspection Time File Capture in Stream REGEX Optimization/Accel Live Ruleset Updates Flow Logging (Net鍖ow) Add Replace keyword support Host attribute scrubbing URI Matching lookups (stopbadware, websense, etc) CUDA Support Tuesday, August 3, 2010
- 63. Get Involved Phase Two Team Two: IP Reputation - Explore other items, dns, etc Distributed Blocking Global Flowbits and 鍖owvars Full Stream Capture Traf鍖c Redirection Tuesday, August 3, 2010
- 64. What We Need Tuesday, August 3, 2010
- 65. What We Need Consortium Members Tuesday, August 3, 2010
- 66. What We Need Consortium Members Coding Support Tuesday, August 3, 2010
- 67. What We Need Consortium Members Coding Support Further Government/Mil Support Tuesday, August 3, 2010
- 68. What We Need Consortium Members Coding Support Further Government/Mil Support YOU! Tuesday, August 3, 2010
- 69. Tuesday, August 3, 2010
- 70. Will you get involved? Tuesday, August 3, 2010
- 71. Will you get involved? Questions? Tuesday, August 3, 2010