This week we presented our work on unifying ntopng with Suricata at Suricon 2019.
https://youtu.be/g7NFjeSQG0c
In short:
- Suricata is a great tool for analysing individual flows, but:
  - It lacks a GUI
  - It is blind to security threats that use non-standard ports
  - It is mostly blind to encrypted traffic
  - It does not provide a comprehensive view of the network, but focuses only on flows
  - It is able to dissect only about 20 protocols, compared with the 250 that nDPI supports
  - It is blind with respect to containers
- ntopng is great, but:
  - It does not offer signature-based security as Suricata does
So why not combine them and create a comprehensive tool that merges security and visibility? This lets people avoid Elastic-based export+visualisation pipelines, which do not natively merge the two kinds of information, and instead use tools such as Grafana or InfluxDB to build great dashboards in which network and security data are merged properly.
These are our presentation slides, in case you are interested in the details. Please let us know what you think, and enjoy!