Enea Qosmos ixEngine – Performance Booster for Suricata IDS/IPS

Additional Info

Company: Enea
Website: https://www.enea.com/solutions/dpi-traffic-intelligence/cybersecurity/suricata-ids-ips/
Company size (employees): 500 to 999
Headquarters Region: Europe
Type of solution: Software

Overview

Suricata is one of the most widely used Intrusion Detection and Prevention Systems (IDS/IPS). However, as an open-source solution, its visibility is limited, making it blind to certain types of advanced threats. It also generates a large number of false-positive alerts and consumes considerable hardware resources. This can severely reduce its effectiveness.
Enea’s Qosmos ixEngine® is a deep packet inspection (DPI) engine that uses advanced traffic identification and specially developed techniques to bring full traffic visibility to cybersecurity solutions while optimizing resources. It can now be integrated with Suricata to enhance accuracy and performance and significantly improve threat detection.
Recognizing more protocols and applications than any other commercial DPI engine, it provides granular insights into network activity and can even detect threats cloaked by evasive techniques such as tunneling, encryption, and spoofing. This highly detailed traffic classification combines with contextual traffic metadata to improve threat hunting and forensics and can also reduce the number of alerts by a factor of 10. Qosmos ixEngine’s expanded application and protocol recognition can be used to improve whitelists and blacklists, even for encrypted traffic.
Qosmos ixEngine integrates easily and seamlessly with Suricata, preserving the existing work environment, including rules and alert management, so that it has minimal impact on existing processes. It also optimizes use of system resources, dividing requirements for memory, CPU resources and data storage by a factor of 2.

How we are different

• Enea’s Qosmos ixEngine® is a DPI-based traffic intelligence engine that is unique in its ability to boost the performance of Suricata’s threat detection capabilities with minimal impact on existing processes while optimizing system resources.
• Qosmos ixEngine software uses advanced protocol recognition and flow classification to deliver granular traffic visibility that improves Suricata’s threat hunting and forensics, optimizes whitelists and reduces the number of false positives.
• Qosmos ixEngine uses innovative techniques such as machine learning to identify and classify encrypted traffic and reveal threats hiding behind tunneling and spoofing.