
BOOST SURICATA IDS/IPS PERFORMANCE

LESS NOISE, BETTER COVERAGE, FEWER BLIND SPOTS

Intrusion Detection / Intrusion Prevention Systems (IDS/IPS) play an essential role in cybersecurity by detecting and blocking threats that have penetrated endpoint and perimeter defenses. Among IDS/IPS, no solution is more trusted than Suricata, which is widely deployed in commercial cybersecurity products. However, Suricata also generates a lot of false positive alerts, has limited protocol and application coverage, and is blind to certain types of advanced threats – especially those using encryption to evade detection. Integrating Enea traffic intelligence software with Suricata can fill these gaps and significantly improve Suricata performance.

ENEA QOSMOS TECHNOLOGY BOOSTS IDS/IPS PERFORMANCE

  • Extends protocol and application recognition: Enea Qosmos technology identifies 3600 protocols and applications
  • Preserves visibility into encrypted traffic: Enea Qosmos technology classifies encrypted and evasive traffic
  • Improves threat detection: Enea Qosmos technology surfaces anomalous behaviors
  • Speeds threat analysis and forensics

Available as an SDK, CNF, VNF, or Software Sensor, Enea’s Qosmos ixEngine is a next-generation deep packet inspection (NG DPI) engine that leads the market with accurate classification of more than 3700 protocols and applications, and the ability to generate thousands of types of security and networking metadata, including threat indicators for encrypted and evasive traffic. 

When Qosmos ixEngine is integrated with Suricata, it extends and enhances Suricata’s general threat detection capabilities, and enables Suricata rules to be tailored more effectively to customer environments.

This combined value is used to enhance a wide variety of security products, including Cloud Firewalls (FWaaS), Secure Web Gateways (SWG), Next Generation Firewalls (NGFW), Network Detection and Response (NDR) and Extended Threat Detection and Response (XDR) platforms.


HOW QOSMOS IXENGINE IMPROVES SURICATA’S PERFORMANCE

Qosmos ixEngine enhances Suricata by:

  • Enabling rapid development of whitelists and blacklists that leverage Qosmos ixEngine’s expanded protocol coverage (particularly for Cloud, SaaS, IoT/ICS, Messaging, VPN, and Tunneling applications and protocols)
  • Improving Suricata’s ability to detect potential threats through unique methods of identifying anomalous and evasive traffic (such as MITM risk scoring)
  • Safeguarding Suricata’s ability to detect threats even in fully encrypted environments through Encrypted Traffic Classification (ETC)
  • Significantly reducing the high number of false-positive alerts generated by Suricata through increased network visibility and more accurate traffic identification
  • Speeding investigations and reducing the need for full packet capture by meeting analytical needs through high-value metadata


GLOBAL NETWORK VISIBILITY

  • Gain real-time L2-to-L7 traffic visibility across diverse environments: mobile and cloud networks, on-premise equipment, IoT devices, applications and containers.
  • Identify and classify encrypted traffic without decryption through fine-grained and contextualized metadata and statistics.
  • Leverage protocols, metadata, behavioral baselining and analytics to surface new, hard-to-detect threats moving laterally across a network.

CRITICAL EFFICIENCY

  • Save valuable SOC staff time (and frustration) by excluding low- or no-value data and better qualifying and funneling alerts.
  • Dramatically reduce data storage requirements by excluding safe traffic and reducing the need for full packet capture to support forensics.

DEPLOYMENT AGILITY

  • Deploy as an SDK, CNF, VNF (Qosmos ixEngine) or Software Sensor (Qosmos Probe) to adapt to continuously evolving network environments.
  • Gain the speed and flexibility needed to secure and manage forthcoming 5G mobile networks.

INDUSTRY RECOGNITION

  • Qosmos ixEngine wins Gold in the 2022 Cybersecurity Excellence Awards
  • Qosmos ixEngine wins the Editor’s Choice award for Embedded Security in the Global InfoSec Awards for 2021