
New Open Source Intrusion Detector Suricata Released 44

Posted by timothy
from the open-but-not-promiscuous dept.
richrumble writes "The OISF has released the beta version of the Suricata IDS/IPS engine: The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-Threading, Automatic Protocol Detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB!), Gzip Decompression, Fast IP Matching and coming soon hardware acceleration on CUDA and OpenCL GPU cards."
This discussion has been archived. No new comments can be posted.

  • Innovation (Score:5, Insightful)

    by Reason58 (775044) on Thursday December 31, 2009 @04:49PM (#30610198)

    This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.

    Sweet! What are some examples of things this does that no other solution provides?

  • huh (Score:4, Insightful)

    by dropadrop (1057046) on Thursday December 31, 2009 @04:54PM (#30610236)
    While there is some information available on the site, it's still pretty sparse. Is this a whole framework? They refer to engine, but do they mean a detection engine or also a correlation engine? This area really needs more open source innovation, commercial solutions are ridiculously expensive for small / mid sized companies, and the only "complete" IDS option I know of for the moment is Ossim (which has extremely lacking documentation).
  • Dangerous (Score:2, Insightful)

    by Anonymous Coward on Thursday December 31, 2009 @04:58PM (#30610290)

    The features look indeed promising. On the other hand, the more complicated an IDS/IPS gets, the more likely it will become a new attack vector itself.

    Hopefully it is implemented well...
