Building an Open Source IDS/IPS Service on AWS with Suricata

OISF-Suricata
Presented at SuriCon 2021 by Nick Coval & Adam Palmer

OISF and AWS recently worked together on the integration of Suricata and AWS Network Firewall, specifically on enhancing the Suricata code to support the Generic Network Virtualization Encapsulation (GENEVE) protocol. Internally, AWS Network Firewall uses the AWS Gateway Load Balancer Service (GWLB), which enables AWS to provide customers with a simple, elastic and scalable firewall service.

The GWLB service launched with support from AWS Marketplace partners. These partners provide network security appliances that enable customers to perform varying levels of packet inspection on flows that pass through them, taking action as necessary and as defined within their configuration. Whilst for some customers a partner-supplied instance is the preferred choice (perhaps due to existing licensing, expertise or a specific capability), there is a segment of customers that wishes to benefit from all the capabilities that GWLB as a framework provides, but does not have any of the aforementioned considerations. For these customers, embracing open-source capabilities can make sense.

In this talk, we outline how we built a quick-start solution on AWS that creates a Suricata-based IDS/IPS service powered by GWLB, enabling centralized and distributed deployment models.
Published 3 years ago, on 1400/08/12.