The Next Generation Open IDS Engine Suricata and Emerging Threats
•
2 recomendaciones•1,880 vistas
The Next Generation Open IDS Engine Suricata and Emerging Threats Matt Jonkman, Open Information Security Foundation/Emerging Threats.net
Recomendados
Recomendados
Más contenido relacionado
Similar a The Next Generation Open IDS Engine Suricata and Emerging Threats
Similar a The Next Generation Open IDS Engine Suricata and Emerging Threats (8)
Más de Joshua L. Davis
Más de Joshua L. Davis (20)
Último
Último (20)
The Next Generation Open IDS Engine Suricata and Emerging Threats
- 1. Open Information Security Foundation Suricata, The Next Generation IPS Balancing Open Security Software with Commercial Interests Tuesday, August 3, 2010
- 2. Introduction EmergingThreats.net Open Information Security Foundation OpenInfoSecFoundation.org Tuesday, August 3, 2010
- 3. A Few Truths Great Ideas Often Result from Open Collaboration Tuesday, August 3, 2010
- 4. A Few Truths Open Source Projects Don’t Become Effective Complete Products on Their Own Tuesday, August 3, 2010
- 5. A Few Truths Open Community Hippies Don’t Trust Vendors Tuesday, August 3, 2010
- 6. A Few Truths Vendors Don’t Collaborate With Open Community Hippies Well Tuesday, August 3, 2010
- 7. A Few Truths The Military Doesn’t Trust Open Community Hippies Tuesday, August 3, 2010
- 8. A Few Truths Vendors try to Reinvent the Wheel on Every Military Contract Tuesday, August 3, 2010
- 9. The Result We have a Hippie-Vendor-Mil Gap Tuesday, August 3, 2010
- 10. Fixing it... Tuesday, August 3, 2010
- 11. Fixing it... (please don’t laugh) Tuesday, August 3, 2010
- 12. Fixing it... (please don’t laugh) Tuesday, August 3, 2010
- 13. Fixing it... (please don’t laugh) We Involve The Government Tuesday, August 3, 2010
- 14. Fixing it... (please don’t laugh) We Involve The Government Tuesday, August 3, 2010
- 15. A Case Study Tuesday, August 3, 2010
- 16. A Case Study Intrusion Detection Systems Tuesday, August 3, 2010
- 17. A Case Study Intrusion Detection Systems 12+ Years Old Tuesday, August 3, 2010
- 18. A Case Study Intrusion Detection Systems 12+ Years Old Open and Proprietary Tuesday, August 3, 2010
- 19. A Case Study Intrusion Detection Systems 12+ Years Old Open and Proprietary Productized by EV Tuesday, August 3, 2010
- 20. A Case Study In the last 5 years No Innovation. Nada. Zilch. Nothing. Tuesday, August 3, 2010
- 21. A Case Study “IDS is Dead.” -Gartner Tuesday, August 3, 2010
- 22. IDS • Intrusion Detection Has Not: • Innovated • Gone Multi-Threaded • Integrated with other technologies • Risen to solve our new threats Tuesday, August 3, 2010
- 23. Tuesday, August 3, 2010
- 24. OISF Tuesday, August 3, 2010
- 25. OISF Non-Profit Foundation Tuesday, August 3, 2010
- 26. OISF Non-Profit Foundation Initially DHS Funded Tuesday, August 3, 2010
- 27. OISF Non-Profit Foundation Initially DHS Funded OSH, Mil, and EV Involvement Tuesday, August 3, 2010
- 28. The Dirty Little Secret Tuesday, August 3, 2010
- 29. The Dirty Little Secret It’s working! Tuesday, August 3, 2010
- 30. The Dirty Little Secret It’s working! Why? Tuesday, August 3, 2010
- 31. The Dirty Little Secret Tuesday, August 3, 2010
- 32. The Dirty Little Secret The OSH, EV, Consumers, Mil, and Government Tuesday, August 3, 2010
- 33. The Dirty Little Secret The OSH, EV, Consumers, Mil, and Government ALL WANT THE SAME THING Tuesday, August 3, 2010
- 34. The Dirty Little Secret New Ideas Constant Innovation Reliable Implementations Effective Support Put their Kids through College Tuesday, August 3, 2010
- 35. Consortium Tuesday, August 3, 2010
- 36. Consortium Vendors are part of a Consortium Tuesday, August 3, 2010
- 37. Consortium Vendors are part of a Consortium 50/50 voting rights with the Community Tuesday, August 3, 2010
- 38. Consortium Vendors are part of a Consortium 50/50 voting rights with the Community Support required for a non-GPL license Tuesday, August 3, 2010
- 39. OISF Consortium Tuesday, August 3, 2010
- 40. Consortium •Currently Bringing in 19 New Members •Global Defense Contractors... •Several Government Research Groups •Many CERTs •Universities •Security Vendors (that use other engines...) Tuesday, August 3, 2010
- 41. The Engine Tuesday, August 3, 2010
- 42. Features Major Goals Tuesday, August 3, 2010
- 43. Features Multi-Threading Tuesday, August 3, 2010
- 44. Features Native IPv6 Support Tuesday, August 3, 2010
- 45. Features Snort Syntax with additions Tuesday, August 3, 2010
- 46. Features Automatic Protocol Detection Tuesday, August 3, 2010
- 47. Features High Speed Regex Tuesday, August 3, 2010
- 48. Features Advanced HTTP Parsing Tuesday, August 3, 2010
- 49. Features Multiple Model Statistical Anomaly Detection Tuesday, August 3, 2010
- 50. Features Native Hardware Acceleration Support Tuesday, August 3, 2010
- 51. Features GPU Acceleration Tuesday, August 3, 2010
- 52. Features IP Reputation Distributed Blocking and Feedback Tuesday, August 3, 2010
- 53. Features Scoring Thresholds Tuesday, August 3, 2010
- 54. Features Very High Speed Regex Tuesday, August 3, 2010
- 55. Features In Stream File Extraction Tuesday, August 3, 2010
- 56. Features Web-Based Config Manager Tuesday, August 3, 2010
- 57. Other Features HTTP Access Logging SMB Access/Action Logging Windows INLINE Support Full Windows Support Virtual Environment Support Stopbadware.org URI Matching Passive SSL Decryption Tuesday, August 3, 2010
- 58. Features Go ask your Commercial Vendor for any of that.... Tuesday, August 3, 2010
- 59. Status Releases •Initial Stable Release, December 31, 2010 •Second Stable Release, February 15, 2010 •Phase One RC1, May 6, 2010 •Phase One Production, July 1, 2010 Tuesday, August 3, 2010
- 60. Get Involved Brainstorming Meeting July 16, 2010 San Francisco Tuesday, August 3, 2010
- 61. Get Involved Interim Goals: Architecture Documentation Performance Optimization Run Mode Support (Likely Endace completed) Error Code Cleanup and Documentation Full Documentation (community interactable docs) Advanced Profiling and Engine stats Accuracy Improvements Add Protocol Detections (SMTP, etc) Classifications Update 2.8.6 Compatibility LibHTP Error Handling Heavy Inline Testing Tuesday, August 3, 2010
- 62. Get Involved Phase Two: Max Inspection Time File Capture in Stream REGEX Optimization/Accel Live Ruleset Updates Flow Logging (Netflow) Add Replace keyword support Host attribute scrubbing URI Matching lookups (stopbadware, websense, etc) CUDA Support Tuesday, August 3, 2010
- 63. Get Involved Phase Two Team Two: IP Reputation - Explore other items, dns, etc Distributed Blocking Global Flowbits and flowvars Full Stream Capture Traffic Redirection Tuesday, August 3, 2010
- 64. What We Need Tuesday, August 3, 2010
- 65. What We Need Consortium Members Tuesday, August 3, 2010
- 66. What We Need Consortium Members Coding Support Tuesday, August 3, 2010
- 67. What We Need Consortium Members Coding Support Further Government/Mil Support Tuesday, August 3, 2010
- 68. What We Need Consortium Members Coding Support Further Government/Mil Support YOU! Tuesday, August 3, 2010
- 69. Tuesday, August 3, 2010
- 70. Will you get involved? Tuesday, August 3, 2010
- 71. Will you get involved? Questions? Tuesday, August 3, 2010