$1,799.99 – $2,000

Suricata Advanced Deployment and Architecture - Washington, DC

Event Information


Date and Time

Location

MicroTek

1110 Vermont Avenue Northwest

#700

Washington, DC 20005


Refund Policy

Contact the organizer to request a refund.

Eventbrite's fee is nonrefundable.

Event description
Network-based threat detection is crucial for developing a comprehensive security strategy, whether it is on-premise or in the cloud.

About this Event

The foundation for effective intrusion detection and response is proper sensor placement and configuration. Sensor placement is crucial for developing a comprehensive network security and monitoring solution. Misconfigurations and improper placement can lead to gaps in network visibility, which can allow attackers to go undetected for prolonged periods of time and to penetrate deeper into your network. In Suricata Advanced Deployment and Architecture, you will learn the skills necessary to successfully design, deploy and optimize a high-performance network monitoring and security solution. Filled with hands-on exercises and comprehensive demonstrations, this class will elevate your skills to maximize your network visibility and data management with Suricata. By the end of this course you will have a deep technical understanding of, and hands-on experience with, Suricata's versatile arsenal of features and capabilities for a variety of deployment, usage and integration scenarios.

This course goes in-depth into Suricata configuration and deployment considerations. You will learn which capture method is best for traffic acquisition, how to maximize performance with runmodes, and dive deep into Suricata's detection engine and multi-pattern matchers. Discover how to expand Suricata's detection and output capabilities with Lua scripting, as well as its anomaly detection and file extraction capabilities. Gain a deeper understanding of performance and tuning considerations through CPU affinity, NUMA, threading and NIC RSS hashing. Alongside that, understand the specifics of deployments in the cloud, their pros and cons, and what needs to be in place, and how, for cloud security monitoring. Learn how to perform effective and exhaustive troubleshooting when situations like packet loss and system overloading occur. Finally, learn how to handle elephant flows, work with eXpress Data Path (XDP), how output generation affects your deployment, and how to integrate Suricata with other tools such as an ELK stack, Splunk and Linux-based distributions such as SELKS. This class also offers a unique opportunity to bring in-depth use cases, questions, challenges and new ideas directly to the Suricata team. Take your deployment and configuration skills to an expert level with Suricata Advanced Deployment and Architecture!

Course Schedule

Day 1:

  • Advanced performance factors and tuning techniques
  • Capture methods and run modes
  • Detection engine and multi-pattern matchers
  • Rules, rulesets and rule syntax and optimization
  • Extending rules and outputs with Lua scripting
  • Automatic protocol detection and anomaly detection
  • File extraction: HTTP, SMTP, NFS, FTP/SMBv1-3
  • PCAP processing
  • Tuning principles

Day 2:

  • Enterprise Architecture
  • IDS / IPS / IDPS / NSM deployment and setup
  • Server HW / NIC / CPU architecture and selection process
  • Virtual deployment considerations/tips and tricks
  • Positive and negative packet loss
  • Capture considerations
  • NUMA, CPU affinity, threading and NIC RSS hashing
  • Flows and elephant flows
  • eXpress Data Path (XDP)
  • Troubleshooting system overloads
  • Managing outputs
  • Integration with other Security Tools and Data Stores
  • Making sense of millions of events on the wire

Who Should Attend:

  • Infra Security and Application Operations
  • Network Security Administrators
  • Security Architects/Engineers
  • Security Analysts
  • Malware Analysts
  • Network Engineers

Student Requirements:

  • Basic experience with installing, compiling, configuring and running Suricata is a must.
  • Hands-on Linux command line experience
  • TCP/IP networking
