Suricata is a high-performance network threat detection, IDS, IPS and network security monitoring (NSM) engine. It is open source and owned by a community-run nonprofit foundation, the Open Information Security Foundation (OISF). Suricata is developed by OISF, its supporting vendors and a passionate community of volunteers.
From its beginnings in 2008 as a signature-based intrusion detection system (IDS), Suricata has grown into a full IDS/IPS/NSM engine that also offers full packet capture, Lua scripting, and network security monitoring output such as protocol transaction logs and file extraction.
However, building out an enterprise-scale Suricata deployment using mostly open source tooling can be a challenge.
In this white paper we outline five ways to improve the scalability of Suricata in an enterprise deployment. In each case we try to offer a free or open source option, and in some cases we also identify straightforward commercial products that provide a fully supported alternative.