Bro and Suricata Multi-Engine Inspection
Cyber adversaries are adept at obfuscating their attacks and changing their tactics, techniques and procedures (TTPs) to evade detection. Security professionals need flexible network monitoring solutions that can easily adapt.
Conventional IDS/IPS systems have lacked the innovation needed to address advanced threats, as evidenced by the wide-scale adoption of open source solutions. Bro and Suricata are two of the leading engines many teams are using to build tools, but like most open source technologies they can be difficult to build, deploy and maintain in-house without the right expertise.
Bricata is closing the gap with our solutions by delivering the first network security sensors with integrated Bro and Suricata engines. We simplify operations and maintenance with a middleware layer and a central management console that make signature, script and policy management much easier, and deliver enterprise scalability with enhanced usability and performance.
Bro is a powerful network analysis framework.
- Metadata and alert enrichment
- Behavior baselining and hunting
- Anomaly detection
- Statistics-based detection
Suricata is an open source, mature, fast and robust network threat detection engine.
- Multi-threaded signature-based detection
- Real-time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM), and offline pcap processing
- ET Pro