ntopng & Suricata: Unifying Visibility with Security


This week we presented our work on unifying ntopng with Suricata at Suricon 2019.

In short:

  • Suricata is a great tool for analysing individual flows, but:
    • It lacks a GUI
    • It is blind to security threats that use non-standard ports
    • It is mostly blind to encrypted traffic
    • It does not provide a comprehensive view of the network; it focuses on individual flows
    • It can dissect only about 20 application protocols, versus the roughly 250 that nDPI supports
    • It has no visibility into containers
  • ntopng is great, but:
    • It does not offer the signature-based detection that Suricata does

So why not combine the two into a single comprehensive tool that merges security and visibility? This lets users avoid Elastic-based export and visualisation pipelines, which do not natively merge the two sources, and instead use tools such as Grafana or InfluxDB to build dashboards in which network and security data are properly combined.
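To make "merged properly" concrete, here is an added example (not ntopng's or Suricata's own code) that joins Suricata EVE JSON alerts with flow records on a direction-independent 5-tuple, which is the step any unified view has to perform before it can show an alert next to the flow, the nDPI application label and the per-host totals. The EVE alert field layout is Suricata's real format; the flow-record key names, the signature IDs (local-rule range) and all sample data are constructed for this example and are assumptions, not ntopng's export schema.

```python
"""Join Suricata EVE alerts with flow records on a direction-independent 5-tuple.

Illustrative code only: the flow-record field names are this example's own,
not ntopng's export schema.
"""
import json
from collections import defaultdict

# Constructed Suricata EVE JSON lines (not a real capture). The layout
# (event_type, src_ip, src_port, dest_ip, dest_port, proto, alert{...}) is
# Suricata's EVE alert format; the sids are made-up local-rule numbers.
EVE_LINES = [
    '{"timestamp":"2019-10-31T10:00:01.000000+0000","event_type":"alert",'
    '"src_ip":"203.0.113.7","src_port":8081,"dest_ip":"10.0.0.5","dest_port":51234,'
    '"proto":"TCP","alert":{"signature_id":1000001,"signature":"LOCAL suspicious response body",'
    '"category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2019-10-31T10:00:02.000000+0000","event_type":"flow",'
    '"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"203.0.113.7","dest_port":8081,"proto":"TCP"}',
    '{"timestamp":"2019-10-31T10:00:03.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.9","src_port":40000,"dest_ip":"198.51.100.2","dest_port":443,'
    '"proto":"TCP","alert":{"signature_id":1000002,"signature":"LOCAL known bad TLS SNI",'
    '"category":"Malware Command and Control","severity":1}}',
    '{"timestamp":"2019-10-31T10:00:04.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.9","src_port":40001,"dest_ip":"192.0.2.9","dest_port":53,'
    '"proto":"UDP","alert":{"signature_id":1000003,"signature":"LOCAL DNS query to sinkhole",'
    '"category":"Malware Command and Control","severity":1}}',
]

# Constructed flow records carrying an nDPI-style application label ("l7").
# "dst"/"dport" is the server side as the flow monitor oriented the flow.
FLOWS = [
    {"src": "10.0.0.5", "sport": 51234, "dst": "203.0.113.7", "dport": 8081,
     "proto": "TCP", "l7": "HTTP", "bytes": 5120},
    {"src": "10.0.0.9", "sport": 40000, "dst": "198.51.100.2", "dport": 443,
     "proto": "TCP", "l7": "TLS", "bytes": 20480},
    {"src": "10.0.0.5", "sport": 51300, "dst": "198.51.100.8", "dport": 80,
     "proto": "TCP", "l7": "HTTP", "bytes": 900},
]

# Well-known server ports per application, used to flag the non-standard-port
# case that a port-bound signature would miss but nDPI still labels correctly.
STANDARD_PORTS = {"HTTP": {80, 8080}, "TLS": {443}, "DNS": {53}, "SSH": {22}}


def flow_key(proto, ip_a, port_a, ip_b, port_b):
    """Direction-independent 5-tuple. Suricata's src/dest follow the alert's
    direction, which need not match the client/server orientation the flow
    monitor chose, so both endpoints are sorted before being used as a key."""
    a, b = (ip_a, port_a), (ip_b, port_b)
    lo, hi = (a, b) if a <= b else (b, a)
    return (proto.upper(), lo[0], lo[1], hi[0], hi[1])


def parse_eve_alerts(lines):
    """Yield alert events from EVE JSON lines; other event types are skipped."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("event_type") == "alert":
            yield ev


def merge_alerts_into_flows(flows, eve_lines):
    """Attach each Suricata alert to the flow it belongs to.

    Returns (enriched_flows, orphan_alerts). Each enriched flow gains an
    "alerts" list and a "severity" (lowest Suricata severity number wins, i.e.
    most severe). Alerts with no matching flow are returned, not dropped.
    """
    by_key, enriched = {}, []
    for f in flows:
        e = dict(f, alerts=[], severity=None)
        by_key[flow_key(f["proto"], f["src"], f["sport"], f["dst"], f["dport"])] = e
        enriched.append(e)

    orphans = []
    for ev in parse_eve_alerts(eve_lines):
        key = flow_key(ev["proto"], ev["src_ip"], ev["src_port"], ev["dest_ip"], ev["dest_port"])
        target = by_key.get(key)
        if target is None:
            orphans.append(ev)
            continue
        a = ev["alert"]
        target["alerts"].append({"sid": a["signature_id"], "msg": a["signature"],
                                 "category": a["category"], "severity": a["severity"]})
        if target["severity"] is None or a["severity"] < target["severity"]:
            target["severity"] = a["severity"]
    return enriched, orphans


def non_standard_port_flows(enriched):
    """Flows whose nDPI label does not match the server port in use."""
    return [f for f in enriched
            if f["l7"] in STANDARD_PORTS and f["dport"] not in STANDARD_PORTS[f["l7"]]]


def host_summary(enriched):
    """Per-client-host roll-up of flows, bytes and alerts: the network-wide
    view that neither a flow-only nor a signature-only tool gives by itself."""
    summary = defaultdict(lambda: {"flows": 0, "bytes": 0, "alerts": 0})
    for f in enriched:
        s = summary[f["src"]]
        s["flows"] += 1
        s["bytes"] += f["bytes"]
        s["alerts"] += len(f["alerts"])
    return dict(summary)


if __name__ == "__main__":
    flows, orphans = merge_alerts_into_flows(FLOWS, EVE_LINES)
    for f in flows:
        print(f"{f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} {f['l7']:<5} "
              f"alerts={len(f['alerts'])} severity={f['severity']}")
    print("non-standard port:", [(f["dst"], f["dport"], f["l7"]) for f in non_standard_port_flows(flows)])
    print("orphan alerts:", [o["alert"]["signature_id"] for o in orphans])
    print(host_summary(flows))
```

Two details matter in practice. Suricata's src/dest describe the alert's direction, not necessarily the client/server orientation the flow monitor assigned, so the join key must be normalised or half the alerts never match. And an alert with no matching flow has to be kept rather than dropped, otherwise the merge silently loses signatures that fired on traffic the flow monitor did not see.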

These are our presentation slides, in case you are interested in the details. Please let us know what you think, and enjoy!