Regular readers of this blog and friends of Stamus Networks will know that we are very closely coupled with the Suricata open source development community, the Open Information Security Foundation (OISF), and the annual Suricata developers conference, SuriCon.
After a one year hiatus due to the global pandemic, SuriCon 2021 was held 18-22 October - both virtually and in-person at the Boston Marriott Copley Place in Massachusetts. As an active OISF Consortium member, Stamus Networks was a sponsor of the event.
We checked in with the four Stamus Networks team members who participated in the conference to get their thoughts on this year’s SuriCon.
Our CEO, Ken Gramley, and our Director of Systems Engineering, Phil Owens, attended in person, while CTO Éric Leblond and CSO Peter Manev participated remotely from Paris, France and Gothenburg, Sweden, respectively.
Check out this video in which each shares their key highlights from SuriCon 2021.
Video Interview of the Stamus Networks Team
This year’s hybrid-style event combined live content as well as pre-recorded materials with live Q&A.
Peter and Éric led a 2-day live Suricata training workshop in the days leading up to the main program, and the two presented material in four other sessions during the week.
During the recorded conversations, several common themes emerged which we describe below.
Strong Suricata Community Participation
Each of our representatives mentioned the impressive commitment that the community made to participate virtually from around the globe, often during times that were very inconvenient given their location.
Ken was particularly impressed with the contribution of the development community who “in the middle of a pandemic,” were still able to “further the goals of Suricata.” He added that because of their participation, “it was a hugely successful event.”
Peter also relished the commitment and the strong sense of community, noting that “people came from different parts of the world and different time zones, onsite and offsite, and stayed until the very end.” He later remarked that it was through his participation in this community of people who share a common purpose and a common interest that he came to meet Éric Leblond, which ultimately led to the formation of Stamus Networks.
Phil was impressed with the participation of the global audience, who were “online at 3 am their time, and they looked bright-eyed and really ready to actually participate in the conference … it was pretty phenomenal” and showed the dedication of the whole Suricata community.
It was “wonderful to be able to share with people with the chat and with the video - it was fun and we were missing that a lot,” said Éric Leblond. “It was really nice to see everyone once more.”
Kudos to OISF for a Great Event
Hosting a hybrid event is an extremely difficult endeavor. With the audience and presenters both onsite and remote, keeping everyone involved and engaged takes a tremendous amount of coordination, technology and even a little luck.
Our team onsite was really impressed with the event logistics and the OISF, in particular. “I could not imagine anyone doing a better job,” said Ken Gramley who participated in-person. We had “three days of events, and it went without a hitch.”
Phil Owens was also onsite and had a similar experience, noting that “it was one of the best hybrid approaches I’ve ever seen.”
Although the guys who participated remotely had a completely different experience, their reaction was similar. “As part of the OISF team and in my role as an OISF board member, I was offsite and yet I managed to feel like I was right there and part of the team,” said Éric Leblond.
That said, the remote team still missed the in-person human experience and spending time with their colleagues and the Suricata community. The team “really missed being with the people; being in front of the people; and actually looking them in the eye,” said Peter Manev. “That part I really missed.”
Notable Contributions from Stamus Networks
Ken, Éric and Peter each had moments of pride that struck them during the event.
Ken recalled realizing that “users still struggle to deal with the number of alerts that Suricata produces.” For him, it was very gratifying to sit in the audience knowing that we at Stamus Networks have developed a solution where “we help them sort through all of those alerts to get to those that are important and essential for their response.”
Éric noted that he was very pleased with discussions around one of his talks. “It’s selfish, but one of my talks on conditional pcap logging [was highly anticipated and] a lot of people reacted to it because they really want this feature inside Suricata,” he said, adding that he was really happy to have been able to make the time to contribute this feature as part of his work at Stamus Networks. “And I hope it will be included in Suricata 7,” he added, which seems likely after the roadmap review that took place during SuriCon. Watch Éric’s talk here >>.
For his part, Peter Manev was gratified to know that we at Stamus Networks - through the recently released open source SELKS on Docker - “still hold the record for the fastest showcase of what Suricata can do … 2 minutes [from download to a fully functional system].” He explained that Stamus Networks created the SELKS turnkey Suricata implementation as a way to showcase the power of Suricata via an open source contribution. And the recent Docker version makes getting started with Suricata even easier and faster. Read more about SELKS on Docker here >>.
More End-User Participation Could Improve the Event
Phil noticed that the few user-focused talks did not receive much engagement from the audience. This led him to conclude that “we didn’t really have a whole lot of participation from the [Suricata] user community.”
“Ideally I would like to see more end users - as in analysts and incident responders - actually attend the conference,” said Peter Manev.
Echoing a similar theme and brainstorming aloud, Ken remarked that users might benefit from separate conference tracks with content just for them. This way, users won’t have to “sit through all of the developer talks and the developers don’t have to sit through all the user talks.”
Having a Little Fun with the Hybrid Event Format
Stamus CEO Ken Gramley took great pleasure in taunting our remote team members, Éric and Peter, who were on camera live and visible to those onsite throughout the event. One of his goals for all three days was to get Éric and Peter to laugh on screen while nobody knew why they were laughing. His techniques varied, but they nearly all involved private messages, and there are rumors that cat memes may have been involved. Apparently he was successful, noting that he “did get [Éric] to cover his mouth numerous times” to hide his laughter.
Peter was also the subject of a little harassment from Suricata and OISF founder Matt Jonkman. Noting that Peter and lead Suricata developer Victor Julien were each on the Zoom call wearing the same t-shirt from SuriCon Amsterdam, Matt referred to Peter and Victor as “Thing 1 and Thing 2.”
Resources from Stamus Networks Participation at SuriCon 2021
As you can see, the Stamus Networks team was heavily invested in the success of SuriCon 2021. The following is a list of resources, including blogs and the video recordings of our team’s presentations:
Stamus Networks to Share Suricata Expertise and Insights in Five Sessions at Suricon 2021
- Press Release (https://www.stamus-networks.com/pr/19-oct-2021)
Efficient Suricata - Migrating from Millions of Events to Manageable Insights
- Speakers: Éric Leblond and Peter Manev
- Presentation video (https://youtu.be/gn-oofUbipA)
- Related blog article (https://www.stamus-networks.com/blog/efficient-suricata-events)
The Art of QA GitLab Automation
- Speakers: Peter Manev and Corey Thomas (OISF)
- Presentation video (https://youtu.be/_vGxgfoONzI)
- Related blog article (https://www.stamus-networks.com/blog/the-art-of-qa-gitlab-automation-suricon)
Unleash Suricata Superpowers with a Splunk App
- Speaker: Éric Leblond
- Presentation video (https://youtu.be/eAyOqN07Emg)
- Related blog article (https://www.stamus-networks.com/blog/unleash-suricata-superpowers-with-a-splunk-app-at-suricon)
New for Suricata 7: Conditional PCAP
- Speaker: Éric Leblond
- Presentation video (https://youtu.be/f06SW5yaGLY)
- Related blog article (https://www.stamus-networks.com/blog/coming-soon-in-suricata-7-conditional-pcap-suricon)
2-Day Training: Advanced Deployment & Configuration with Suricata
- Trainers: Éric Leblond and Peter Manev
- Related blog article (https://www.stamus-networks.com/blog/advanced-deployment-configuration-with-suricata-at-suricon-2021)
Looking Ahead to SuriCon 2022
Stamus Networks will continue to support the OISF and SuriCon, and we look forward to next year’s event which we understand will take place somewhere in Europe.