Intrusion Detection / Intrusion Prevention Systems (IDS/IPS) play an essential role in cybersecurity by detecting and blocking threats that have penetrated endpoint and perimeter defenses. Among IDS/IPS, no solution is more trusted than Suricata, which is widely deployed in commercial cybersecurity products. However, Suricata also generates a lot of false-positive alerts, has limited protocol and application coverage, and is blind to certain types of advanced threats – especially those using encryption to evade detection. Integrating Enea traffic intelligence software with Suricata can fill these gaps and significantly improve Suricata's performance.
Available as an SDK, CNF, VNF, or Software Sensor, Enea’s Qosmos ixEngine is a next-generation deep packet inspection (NG DPI) engine that leads the market with accurate classification of more than 3600 protocols and applications, and the ability to generate thousands of types of security and networking metadata, including threat indicators for encrypted and evasive traffic.
When Qosmos ixEngine is integrated with Suricata, it extends and enhances Suricata’s general threat detection capabilities, and enables Suricata rules to be tailored more effectively to customer environments.
This combined value is used to enhance a wide variety of security products, including Cloud Firewalls (FWaaS), Secure Web Gateways (SWG), Next Generation Firewalls (NGFW), Network Detection and Response (NDR) and Extended Threat Detection and Response (XDR) platforms.
Qosmos ixEngine enhances Suricata by: