$2,000

Advanced Deployment & Configuration with Suricata @ SuriCon 2021

Actions and Detail Panel

$2,000

Event Information

Location

Location

Boston Marriott Copley Place

110 Huntington Avenue

Boston, MA 02116

View Map

Refund Policy

Refund Policy

Contact the organizer to request a refund.

Eventbrite's fee is nonrefundable.

Event description
Join us the Monday/Tuesday before SuriCon 2021 in Boston, MA & learn firsthand alongside our leading Suricata developers!

About this Event

Suricata is a high-performance Network IDS, IPS and Network Security Monitoring engine sought after around the world. Open-source and managed by a community, Suricata is a part of the non-profit foundation; the Open Information Security Foundation (OISF). OISF’s mission is to remain on the leading edge of open source IDS/IPS development by welcoming in open sources technologies looking for a community to support them.

This 2-day advanced user training led by Suricata's lead developers is being held the same week as SuriCon 2018 - join us for both and receive a 20% discount on this training!

To received your discount:

  • Register for SuriCon by visiting www.suricon.net.
  • Email us at info@oisf.net and let us know you are coming to SuriCon
  • We will give you a one-time-only link to register for this training with the 20% discount.

Why should you come?

Developers and security professionals will walk away with a greater proficiency in Suricata’s core technology and will have the unique opportunity to bring questions, challenges, and new ideas directly to Suricata’s developers.

A sample of the topics that will be covered:

Day 1:

  • Advanced performance factors and tuning techniques
  • Capture methods and run modes
  • Detection engine and multi-pattern matchers
  • Rules, rulesets and rule syntax and optimization
  • Extending rules and outputs with Lua scripting
  • Automatic protocol detection and anomaly detection
  • File extraction: HTTP, SMTP, NFS, FTP/SMBv1-3
  • PCAP processing
  • Tuning principles

Day 2:

  • Enterprise Architecture
  • IDS / IPS / IDPS / NSM deployment and setup
  • Server HW / NIC / CPU architecture and selection process
  • Virtual deployment considerations/tips and tricks
  • Positive and negative packet loss
  • Capture considerations
  • Numa, CPU affinity, threading and NIC RSS hashing
  • Flows and elephant flows
  • eXpress Data Path (XDP)
  • Troubleshooting system overloads
  • Managing outputs
  • Integration with other Security Tools and Data Stores
  • Make sense out of millions events on the wire

Pre-requisites:

  • This is an intermediate to advanced level course. Students should have the following knowledge to get the most out of this training:
  • Basic experience with installing, compiling, configuring and running Suricata is a must.
  • Hands on Linux command line
  • TCP/IP networking

Abstract - Short Course Description:

Network-based threat detection is crucial for developing a comprehensive security strategy, whether it is on-premise or in the cloud. In Advanced Deployment and Architecture for Network Traffic Analysis, you will learn how to maximize the visibility that Suricata can provide into your network. You will gain deep technical understanding and hands-on experience with Suricata’s versatile arsenal of features and capabilities for a variety of deployment, usage, and integration scenarios. Tuning and optimizing Suricata for threat/anomaly detection, file extraction, and/or protocol detection are critical for a successful deployment. You will also learn traditional and non-traditional tips, tricks, and techniques to implement Suricata and its newest features based on real-world deployment experiences, to include cloud-based deployments. This class also offers a unique opportunity to bring in-depth use cases, questions, and challenges directly to the Suricata team. By the end of this course, you will be able to successfully design, deploy, implement, optimize and hunt with your high-performance Suricata deployment.

Full Course Description:

The foundation for effective intrusion detection and response is based on proper sensor placement and configuration. Sensor placement is crucial for developing a comprehensive network security and monitoring solution. Misconfigurations and improper placement can lead to gaps in network visibility, which can allow attackers to go undetected for prolonged periods of time and to penetrate deeper into your network. In Suricata Advanced Deployment and Architecture, you will learn the skills necessary to successfully design, deploy and optimize a high-performance network monitoring and security solution. Filled with hands-on exercises and comprehensive demonstrations, this class will elevate your skills to maximize your network visibility and data management with Suricata. By the end of this course you will deep technical understanding and hands on experience with Suricata’s versatile arsenal of features and capabilities for a variety of deployment, usage, and integration scenarios.

This course will go in-depth in Suricata configuration and deployment considerations. You will learn which capture method is best for traffic acquisition, maximizing performance with runmodes and dive deep into Suricata’s detection engine and multi-pattern matchers. Discover how to expand Suricata’s detection and output capabilities with Lua scripting as well as anomaly detection and file extraction capabilities. Gain a deeper understanding of performance and tuning considerations through CPU affinity, Numa, threading and NIC RSS hashing. Alongside that understand specifics about deployments the cloud and the pros and cons of those. Details of what and how needs to be in place for the cloud security monitoring. Learn how to perform effective and exhaustive troubleshooting when situations like packet loss and system overloading occur. Finally, learn how to handle elephant flows, work with eXpress Data Path, how output generation affects your deployment and how to integrate Suricata with other tools such as an ELK stack, Splunk and other Linux-based distributions such as SELKS. This class also offers a unique opportunity to bring in-depth use cases, questions, challenges, and new ideas directly to the Suricata team. Take your deployment and configuration skills to an expert level with Suricata Advanced Deployment and Architecture!

We hope to see you there!

Net proceeds from this and all OISF's training events go directly to funding Suricata's development and OISF's mission to supporting open source security technologies. For questions about this event or about becoming a member of the OISF community please contact us at info@oisf.net.

Share with friends

Location

Boston Marriott Copley Place

110 Huntington Avenue

Boston, MA 02116

View Map

Refund Policy

Contact the organizer to request a refund.

Eventbrite's fee is nonrefundable.

Save This Event

Event Saved