Open Information Security Foundation

                 Suricata, The Next Generation IPS

                    Balancing Open Security Software
                                 with
                          Commercial Interests




Tuesday, August 3, 2010
Introduction


               EmergingThreats.net



                          Open Information Security Foundation
                                 OpenInfoSecFoundation.org




A Few Truths


                          Great Ideas Often Result
                          from Open Collaboration




A Few Truths


                          Open Source Projects Don’t
                          Become Effective Complete
                            Products on Their Own




A Few Truths


                          Open Community Hippies
                                Don’t Trust
                                 Vendors




A Few Truths


                                  Vendors
                           Don’t Collaborate With
                          Open Community Hippies
                                    Well




A Few Truths


                               The Military
                               Doesn’t Trust
                          Open Community Hippies




A Few Truths


                          Vendors try to Reinvent
                            the Wheel on Every
                             Military Contract




The Result


                           We have a


                    Hippie-Vendor-Mil Gap




Fixing it...


                             (please don’t laugh)

                          We Involve The Government




A Case Study


                          Intrusion Detection Systems
                                12+ Years Old
                             Open and Proprietary
                              Productized by EV




A Case Study


                          In the last 5 years
                            No Innovation.
                                 Nada.
                                  Zilch.
                                 Nothing.




A Case Study




                          “IDS is Dead.”

                                           -Gartner



IDS


               • Intrusion Detection Has Not:
                          •   Innovated
                          •   Gone Multi-Threaded
                          •   Integrated with other technologies
                          •   Risen to solve our new threats




OISF


                             Non-Profit Foundation
                              Initially DHS Funded

                          OSH, Mil, and EV Involvement




The Dirty Little Secret


                             It’s working!
                                  Why?




The Dirty Little Secret


          The OSH, EV, Consumers, Mil, and Government


             ALL WANT THE SAME THING




The Dirty Little Secret


                                   New Ideas
                              Constant Innovation
                            Reliable Implementations
                                Effective Support
                          Put their Kids through College




Consortium



                   Vendors are part of a Consortium
                50/50 voting rights with the Community
                 Support required for a non-GPL license




OISF Consortium




Consortium


             •Currently Bringing in 19 New Members
                   •Global Defense Contractors...
                   •Several Government Research Groups
                   •Many CERTs
                   •Universities
                   •Security Vendors (that use other engines...)




The Engine




Features



                          Major Goals




Features



                          Multi-Threading




Features



                          Native IPv6 Support




Features



                          Snort Syntax

                          with additions




Features



                 Automatic Protocol Detection




Features



                          High Speed Regex




Features



                          Advanced HTTP Parsing




Features



                          Multiple Model
                 Statistical Anomaly Detection




Features



                Native Hardware Acceleration
                           Support




Features




                          GPU Acceleration




Features



                          IP Reputation

        Distributed Blocking and Feedback




Features




                          Scoring Thresholds




Features




                          Very High Speed Regex




Features




                          In Stream File Extraction




Features




                   Web-Based Config Manager




Other Features


                      HTTP Access Logging
                      SMB Access/Action Logging
                      Windows INLINE Support
                      Full Windows Support
                      Virtual Environment Support
                      Stopbadware.org URI Matching
                      Passive SSL Decryption


Features



                          Go ask your Commercial
                           Vendor for any of that....




Status


          Releases
                 •Initial Stable Release, December 31, 2010
                 •Second Stable Release, February 15, 2010
                 •Phase One RC1, May 6, 2010
                 •Phase One Production, July 1, 2010




Get Involved


                          Brainstorming Meeting
                               July 16, 2010
                               San Francisco




Get Involved
                          Interim Goals:
                          Architecture Documentation
                          Performance Optimization
                          Run Mode Support (Likely Endace completed)
                          Error Code Cleanup and Documentation
                          Full Documentation (community interactable docs)
                          Advanced Profiling and Engine stats
                          Accuracy Improvements
                          Add Protocol Detections (SMTP, etc)
                          Classifications Update
                          2.8.6 Compatibility
                          LibHTP Error Handling
                          Heavy Inline Testing




Get Involved


                          Phase Two:
                          Max Inspection Time
                          File Capture in Stream
                          REGEX Optimization/Accel
                          Live Ruleset Updates
                          Flow Logging (Netflow)
                          Add Replace keyword support
                          Host attribute scrubbing
                          URI Matching lookups (stopbadware, websense, etc)
                          CUDA Support




Get Involved


                          Phase Two Team Two:
                          IP Reputation - Explore other items, dns, etc
                          Distributed Blocking
                          Global Flowbits and flowvars
                          Full Stream Capture
                          Traffic Redirection




What We Need

                               Consortium Members
                                 Coding Support

                          Further Government/Mil Support


                                     YOU!



Will you get involved?

                               Questions?




www.EmergingThreats.net




The Next Generation Open IDS Engine Suricata and Emerging Threats

  • 1. Open Information Security Foundation Suricata, The Next Generation IPS Balancing Open Security Software with Commercial Interests Tuesday, August 3, 2010
  • 2. Introduction EmergingThreats.net Open Information Security Foundation OpenInfoSecFoundation.org
  • 3. A Few Truths Great Ideas Often Result from Open Collaboration
  • 4. A Few Truths Open Source Projects Don’t Become Effective Complete Products on Their Own
  • 5. A Few Truths Open Community Hippies Don’t Trust Vendors
  • 6. A Few Truths Vendors Don’t Collaborate With Open Community Hippies Well
  • 7. A Few Truths The Military Doesn’t Trust Open Community Hippies
  • 8. A Few Truths Vendors try to Reinvent the Wheel on Every Military Contract
  • 9. The Result We have a Hippie-Vendor-Mil Gap
  • 11. Fixing it... (please don’t laugh)
  • 12. Fixing it... (please don’t laugh)
  • 13. Fixing it... (please don’t laugh) We Involve The Government
  • 14. Fixing it... (please don’t laugh) We Involve The Government
  • 15. A Case Study
  • 16. A Case Study Intrusion Detection Systems
  • 17. A Case Study Intrusion Detection Systems 12+ Years Old
  • 18. A Case Study Intrusion Detection Systems 12+ Years Old Open and Proprietary
  • 19. A Case Study Intrusion Detection Systems 12+ Years Old Open and Proprietary Productized by EV
  • 20. A Case Study In the last 5 years No Innovation. Nada. Zilch. Nothing.
  • 21. A Case Study “IDS is Dead.” -Gartner
  • 22. IDS
      • Intrusion Detection Has Not:
          • Innovated
          • Gone Multi-Threaded
          • Integrated with other technologies
          • Risen to solve our new threats
  • 25. OISF Non-Profit Foundation
  • 26. OISF Non-Profit Foundation Initially DHS Funded
  • 27. OISF Non-Profit Foundation Initially DHS Funded OSH, Mil, and EV Involvement
  • 28. The Dirty Little Secret
  • 29. The Dirty Little Secret It’s working!
  • 30. The Dirty Little Secret It’s working! Why?
  • 31. The Dirty Little Secret
  • 32. The Dirty Little Secret The OSH, EV, Consumers, Mil, and Government
  • 33. The Dirty Little Secret The OSH, EV, Consumers, Mil, and Government ALL WANT THE SAME THING
  • 34. The Dirty Little Secret
      • New Ideas
      • Constant Innovation
      • Reliable Implementations
      • Effective Support
      • Put their Kids through College
  • 36. Consortium Vendors are part of a Consortium
  • 37. Consortium Vendors are part of a Consortium 50/50 voting rights with the Community
  • 38. Consortium Vendors are part of a Consortium 50/50 voting rights with the Community Support required for a non-GPL license
  • 40. Consortium
      • Currently Bringing in 19 New Members
      • Global Defense Contractors...
      • Several Government Research Groups
      • Many CERTs
      • Universities
      • Security Vendors (that use other engines...)
  • 42. Features Major Goals
  • 43. Features Multi-Threading
  • 44. Features Native IPv6 Support
  • 45. Features Snort Syntax with additions
  • 46. Features Automatic Protocol Detection
  • 47. Features High Speed Regex
  • 48. Features Advanced HTTP Parsing
  • 49. Features Multiple Model Statistical Anomaly Detection
  • 50. Features Native Hardware Acceleration Support
  • 51. Features GPU Acceleration
  • 52. Features IP Reputation Distributed Blocking and Feedback
  • 53. Features Scoring Thresholds
  • 54. Features Very High Speed Regex
  • 55. Features In Stream File Extraction
  • 56. Features Web-Based Config Manager
  • 57. Other Features
      • HTTP Access Logging
      • SMB Access/Action Logging
      • Windows INLINE Support
      • Full Windows Support
      • Virtual Environment Support
      • Stopbadware.org URI Matching
      • Passive SSL Decryption
  • 58. Features Go ask your Commercial Vendor for any of that....
  • 59. Status Releases
      • Initial Stable Release, December 31, 2010
      • Second Stable Release, February 15, 2010
      • Phase One RC1, May 6, 2010
      • Phase One Production, July 1, 2010
  • 60. Get Involved Brainstorming Meeting July 16, 2010 San Francisco
  • 61. Get Involved Interim Goals:
      • Architecture Documentation
      • Performance Optimization
      • Run Mode Support (Likely Endace completed)
      • Error Code Cleanup and Documentation
      • Full Documentation (community interactable docs)
      • Advanced Profiling and Engine stats
      • Accuracy Improvements
      • Add Protocol Detections (SMTP, etc)
      • Classifications Update
      • 2.8.6 Compatibility
      • LibHTP Error Handling
      • Heavy Inline Testing
  • 62. Get Involved Phase Two:
      • Max Inspection Time
      • File Capture in Stream
      • REGEX Optimization/Accel
      • Live Ruleset Updates
      • Flow Logging (Netflow)
      • Add Replace keyword support
      • Host attribute scrubbing
      • URI Matching lookups (stopbadware, websense, etc)
      • CUDA Support
  • 63. Get Involved Phase Two Team Two:
      • IP Reputation - Explore other items, dns, etc
      • Distributed Blocking
      • Global Flowbits and flowvars
      • Full Stream Capture
      • Traffic Redirection
  • 64. What We Need
  • 65. What We Need Consortium Members
  • 66. What We Need Consortium Members Coding Support
  • 67. What We Need Consortium Members Coding Support Further Government/Mil Support
  • 68. What We Need Consortium Members Coding Support Further Government/Mil Support YOU!
  • 70. Will you get involved?
  • 71. Will you get involved? Questions?