The Open Information Security Foundation

San Jose, Calif. – May 7, 2012 – Tilera® Corporation

Tilera, the leader in 64-bit manycore general purpose processors, today announced it has achieved unparalleled Suricata performance, surpassing 25Gbps throughput on the TILE-Gx™ processor. Suricata is an open source Intrusion Detection and Prevention System (IDS/IPS) developed by the Open Information Security Foundation (OISF) to secure networks against next generation security threats.

This best-in-class performance was achieved on Tilera’s TILExtreme-Gx™ high density platform, which packs 144 cores with 4 TILE-Gx36 processors in a compact 1U rack mountable device. The standard TILExtreme-Gx platform provides up to 160Gbps of Ethernet I/O and is ideal for a variety of compute and I/O intensive tasks such as Network Security (IDS/IPS, DPI, DLP), Network Monitoring, Data Forensics and Big Data processing.

The multi-threaded Suricata application (version 1.3 beta) was implemented using Tilera’s Multicore Development Environment (MDE) 4.0, a full-featured run time Linux environment for TILE-Gx processors.

“The performance made possible by the TILE-Gx platform is impressive and necessary for organizations and carriers to stay ahead of rapidly evolving security threats. We are thrilled with Tilera’s support of Suricata and the amazing performance achieved by the TILE-Gx processor,” stated Victor Julien, OISF’s lead developer.

“IDS systems have to evolve and we believe Suricata is leading that change. The enhanced capabilities powered by the major breakthroughs Tilera has made give Suricata a natural partner and platform to really move forward,” added Matt Jonkman, president, OISF.

“This is another example of the groundbreaking capabilities TILE-Gx processors are delivering today. We are the world’s first company to achieve 25Gbps performance in a 1U form factor when implementing the standard Suricata Emerging Threats rule set,” said Devesh Garg, founder, president, and CEO of Tilera. “We are very excited to see new classes of products unleashed in the market driven by the performance, power efficiency, software compatibility and overall density of our TILE-Gx processor family,” added Garg.

The Suricata solution is available on all of the TILE-Gx platforms, including the TILEmpower-Gx 1U standalone appliance and the TILEncore-Gx PCIe card, both supporting up to 40Gbps Ethernet I/O.

Tilera will demonstrate its Suricata solution at Interop in Las Vegas, May 8-10, 2012, in the Palm F Suite at the Mandalay Bay Convention Center.

About Tilera

Tilera® Corporation is the developer of the highest performance, low power general purpose manycore processors. Tilera is headquartered in San Jose, Calif., with additional locations worldwide. For more information, visit www.tilera.com or follow us on Twitter @Tilera.

The OISF development team is proud to announce Suricata 1.3beta1. This is the first beta release for the upcoming 1.3 version. It is the result of major effort by the OISF team with significant help from the community.

Performance and scalability have been a major focus in this cycle, as have further file inspection and extraction improvements. This has led to massive code changes:

 312 files changed, 29321 insertions(+), 15643 deletions(-)

As a result of these significant changes the release is expected to be of beta quality.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-1.3beta1.tar.gz


New features

- TLS/SSL handshake parser, tls.subjectdn and tls.issuerdn keywords (#296, contributed by Pierre Chifflier)
- Napatech capture card support (contributed by Randy Caldejon -- nPulse)
- Scripts for looking up files / file MD5s at VirusTotal and others (contributed by Martin Holste)
- Test mode: -T option to test the config (#271)
- Ringbuffer and zero copy support for AF_PACKET
- Commandline options to list supported app layer protocols and keywords (#344, #414)
- File extraction for HTTP POST requests that do not use multipart bodies
- On-the-fly MD5 checksum calculation of extracted files
- Line-based file log in JSON format
- Basic support for including other YAML files into the main YAML
- New multi pattern engine: ac-bs
- Profiling improvements, added lock profiling code

Improvements

- Improved HTTP CONNECT support in libhtp (#427, Brian Rectanus -- Qualys)
- Unified YAML naming convention, including fallback support (by Nikolay Denev)
- Improved Endace DAG support (#431, Jason Ish -- Endace)
- New default runmode: "autofp" (#433)
- Major rewrite of flow engine, improving scalability.
- Improved http_stat_msg and http_stat_code keywords (#394)
- Improved scalability for Tag and Threshold subsystems
- Made the rule keyword parser much stricter in detecting syntax errors
- Split "file" output into "file-store" and "file-log" outputs
- Much improved file extraction

Fixes

- CUDA build fixes (#421)
- Various false positives reported by Rmkml (#403, #405, #411)
- IPv6 decoding and detection issues (reported by Michel Sarborde)
- PCAP logging crash (#422)
- Fixed many (potential) issues with the help of the Coverity source code analyser
- Fixed several (potential) issues with the help of the cppcheck and clang/scan-build source code analysers

Credits

We'd like to thank the following people and corporations for their contributions and feedback:

  Brian Rectanus -- Qualys
  Randy Caldejon -- nPulse
  Pierre Chifflier
  Coverity
  Nikolay Denev
  Endace -- Jason Ish
  Martin Holste
  Napatech
  Rmkml
  Michel Sarborde
  Chris Wakelin
  Joshua White

  And of course new OISF dev Xavier Lange!

Known issues & missing features

In a beta release like this, things may not be as polished yet, so please handle with care. That said, if you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and of items within the engine that are not yet complete or optimal. With this in mind, please note the list we have included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and time line for the major issues.

We are pleased to announce the launch of Planet Suricata. Built on the Planet aggregator software, the Planet Suricata site is a convenient aggregator of news, development reports, opinions and how-tos about Suricata, both from the official team members and from users in the community.

At launch, Planet Suricata includes the blogs of developers Victor Julien and Eric Leblond and the main OISF site. From the community side we have Doug Burks' Security Onion blog, Edward Fjellskål's gamelinux blog and the Emerging Threats blog. From each of these sources, the Suricata-related posts will be aggregated on the Planet.

The purpose of the Planet is to make it easier to follow everything about Suricata and at the same time give all the individual blogs more exposure.

Visit it here: https://planet.suricata-ids.org/


SRC, Inc. has joined the Open Information Security Foundation (OISF) Consortium to provide funding and resources for the development of Suricata!

SRC, a nationally recognized not-for-profit research and development company, has a long history in Information Operations, Special Technical Operations, data mining, visualization, data fusion, and electronic warfare. SRC brings unique, innovative solutions to the nation's cyber challenges. SRC is focused on combining operational and technical cyber experts with game-changing technologies to enable our nation to defend its networks and preserve freedom of maneuver in the cyberspace domain. SRC is also developing innovative tools in the cyber domain around insider threat identification, exploitation and analysis of network traffic, non-kinetic mission planning, and data mining.

"The OISF is very excited to have SRC as a member and supporter," says Matt Jonkman, president of the OISF. "Their expertise in a wide range of technologies has already brought some great new capabilities to Suricata."

Suricata is an Open Source Next-Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but brings new ideas and technologies to the field.

The OISF consortium (OISF) is a non-profit foundation organized to build a next generation IDS/IPS engine. The OISF has formed a multi-national group of the leading software developers in the security industry. In addition to developers and a consortium consisting of leading cyber security companies, OISF has engaged the open source security community to identify current and future IDS/IPS needs and desires. OISF's primary goal is to remain on the leading edge of open source IDS/IPS development, community needs and objectives. This is only attainable if you, the community, get involved. We welcome participation large and small and have built working groups and mailing lists to engage and educate all interested people and organizations.


Don't forget to mark your calendar for tomorrow, 1pm CET (GMT+1), or 7am EST.

IT-Defense Conference 2012, Munich
February 7th, 2012
1:00pm CET (GMT+1)
Leonardo Royal Hotel, Munich
www.leonardo-hotels.com

The primary goal of this Brainstorming Session is to review and adjust the Suricata Development Roadmap. To do this we will outline the current complete features and development status, proposed features from public and private sources, and seek input on these items. This is an open discussion. Let us know what you’d like your IDS/IPS engine to do!

Major topics for discussion include:

- Project Status
- Potential Project Contributions
- Current Major Features
- End Snort-Syntax Follow
- Phase 3 Dev Roadmap Review
- Docs Update
- Consider moving to GPLv3
- New Website
- Consortium Model Review
- OpenDPI/BinPAC/Qosmos

Complimentary food and beverages will be available; please help us plan by emailing your RSVP.

If you would like to attend remotely via video/audio, please also RSVP to allow capacity planning. We intend to use Google+ Hangouts, with Webex as a backup if there are issues. Please watch the OISF website and mailing lists for a link to join prior to the start of the meeting: http://www.openinfosecfoundation.org

We hope to see you there!

Specific technical issues to discuss or re-evaluate:

- File Store Management Tool
- DNS Preprocessor
- IP and DNS Reputation
- GeoIP Keyword
- SSL Cert Analysis
- URL/MD5 Reputation
- HTTP Header Good/Bad Anomaly
- Global Shared Flowvars
- SCADA Preprocessors
- File Extraction and Identification
- Snortsam Output Plugin - Done
- Anomaly Detection Potential
- Host/App/OS Table Import