Open Information Security Foundation Launches Suricata 1.0
The Open Information Security Foundation (OISF) has announced the introduction of Suricata 1.0, an open source engine for Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) that will secure networks against next-generation network security threats. Available immediately for download under the Open Source GPL (GNU General Public License) version 2, Suricata includes innovative new features that will enable it to identify and prevent more of the pressing security concerns faced by organisations today.
Suricata is the result of more than two years of development led by the OISF and includes contributions from more than 25 developers, who have collaborated to produce many major advances in IDS technology. The OISF initiated the project with funding from the U.S. Department of Homeland Security, and a consortium of private organisations has contributed to the project, including IT security companies such as Endace, Everis and NitroSecurity. The project has been designed to facilitate community, commercial and government collaboration in a safe and mutually beneficial environment.
“In today’s changing threat landscape, current defenses are being outflanked by attackers, and a new high performance IDS engine is needed to address many of today’s highly sophisticated attacks,” said Matt Jonkman, president of the OISF. “The mission of Suricata and of the OISF is to create an engine that will allow IDS solutions to detect and prevent these newer, more sophisticated types of attacks. We are pleased that such a large community—thousands of people—are already involved with Suricata and see the benefits it can provide to the IT security community.”
Several characteristics of Suricata make it appropriate for tackling today’s security threats, including:
- An open source engine. The power of the community works well within IT security defenses, as a community is more effective than a single organisation at capturing characteristics of emerging threats.
- Multi-threaded. A multi-threaded architecture allows the engine to take advantage of the multiple core and multiple processor architectures of today’s systems.
- Supports IP reputation. By incorporating reputation and signatures into its engine, Suricata can flag traffic from known nefarious origins.
- Automated protocol detection. Preprocessors automatically identify the protocol used in a network stream and apply the appropriate rules, regardless of the port number.
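To make the last point concrete, here is an added toy illustration of port-independent protocol detection driving rule selection. It is written for this page and is not Suricata's code; the classifier, the three rules and the sample stream payloads are all constructed for the example, and the port-based guess is included only to show what detection keyed on port numbers alone would miss.

```python
"""Toy illustration of port-independent application-layer protocol detection.

Constructed example, not Suricata's own code: a minimal classifier inspects
the first bytes a client sends, and rules are bound to the detected protocol
rather than to the destination port.
"""
from typing import Callable, Dict, List, Tuple

# Request methods used to recognise an HTTP request line (constructed subset).
_HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def identify_protocol(payload: bytes) -> str:
    """Classify the initial client payload as 'ssh', 'tls', 'http' or 'unknown'."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record: content type 0x16 (handshake), major version 0x03,
    # 2-byte length, then handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    first_line = payload.split(b"\r\n", 1)[0]
    if payload.startswith(_HTTP_METHODS) and b" HTTP/1." in first_line:
        return "http"
    return "unknown"


# A rule is (protocol it applies to, description, predicate over the payload).
Rule = Tuple[str, str, Callable[[bytes], bool]]

RULES: List[Rule] = [
    ("http", "HTTP request with '../' in URI",
     lambda p: b"../" in p.split(b"\r\n", 1)[0]),
    ("ssh", "SSH client banner announcing protocol 1.x",
     lambda p: p.startswith(b"SSH-1.")),
    ("tls", "TLS ClientHello carried in an SSLv3 record",
     lambda p: p[2] == 0x00),  # record version 3.0 == SSLv3
]


def inspect(dst_port: int, payload: bytes) -> Tuple[str, List[str]]:
    """Detect the protocol and evaluate only the rules bound to that protocol.

    dst_port is accepted but deliberately unused: rule selection depends on
    what the stream carries, not on which port it was observed on.
    """
    proto = identify_protocol(payload)
    hits = [desc for rproto, desc, pred in RULES if rproto == proto and pred(payload)]
    return proto, hits


def port_guess(dst_port: int) -> str:
    """What a port-only classifier would assume (constructed mapping)."""
    return {80: "http", 22: "ssh", 443: "tls"}.get(dst_port, "unknown")


# Constructed sample streams: (destination port, initial client payload).
SAMPLE_STREAMS: List[Tuple[int, bytes]] = [
    (8443, b"GET /../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (443, b"SSH-1.5-OpenSSH_2.9\r\n"),
    (80, b"\x16\x03\x00\x00\x05\x01\x00\x00\x01\x03\x00"),
    (22, b"SSH-2.0-OpenSSH_8.9\r\n"),
    (80, b"\x00\x01\x02"),
]


def run_samples() -> List[Dict[str, object]]:
    """Inspect every sample stream and report detected vs. port-guessed protocol."""
    results = []
    for port, payload in SAMPLE_STREAMS:
        proto, hits = inspect(port, payload)
        results.append({
            "port": port,
            "detected": proto,
            "port_guess": port_guess(port),
            "alerts": hits,
        })
    return results


if __name__ == "__main__":
    for r in run_samples():
        mismatch = "" if r["detected"] == r["port_guess"] else "  (port-only guess wrong)"
        print(f"port {r['port']:>5}: {r['detected']:<8} alerts={r['alerts']}{mismatch}")
```

Running the module shows HTTP traversal on port 8443, an SSH-1 banner on port 443 and an SSLv3 ClientHello on port 80 all matched by their protocol-specific rules, while a port-only mapping mislabels each of those streams and would apply the wrong rule set.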
“Open source has a long tradition of making available safe, reviewed code that is an alternative to proprietary applications,” said Richard Stiennon, Chief Research Analyst, IT-Harvest. “With Suricata, the open source community is giving us an alternative to a technology (SNORT) that is getting old and has not kept up with the changing threatscape.”
