Abstract

Suricata is a high-performance, multi-threaded Network IDS, IPS and Network Security Monitoring engine that monitors networks in real time to protect against attacks. With its diverse feature set, Suricata is the engine of choice for modern Unified Threat Management (UTM) systems that help networks secure their boundaries. As network capacity increases to 40Gbps and beyond, it becomes important to tune Suricata so that it provides lossless detection for the network. This paper describes the tunings applied to Red Piranha's Crystal Eye appliances to achieve 60Gbps Suricata throughput. In this paper, Suricata throughput means the amount of traffic the Suricata engine can handle without any packet drops. We describe the hardware configurations as well as the Suricata configurations that help achieve high detection rates. We also present test results for single-NIC and dual-NIC systems and discuss the impact of hardware on Suricata performance.
