Suricata and XDP, Performance with an S like Security

Presented at DeepSec 2018 „I like to mov &6974,%bx“

Extended Berkeley Packet Filter (eBPF) and eXtreme Data Path (XDP) are gaining popularity on Linux: eBPF in the tracing and performance community, and XDP among networking people. After an introduction to these technologies, this talk looks at how eBPF and XDP are used in the security domain. A special focus lies on Suricata, which uses these technologies to enhance its performance and, as a consequence, the accuracy of its network analysis and detection.


Presenters:

  • Eric Leblond - OISF
    Éric Leblond is an active member of the open source community. He has worked on the development of Suricata, the open source IDS/IPS, since 2009 and is currently one of the Suricata core developers. He is a Netfilter Core Team member working mainly on communications between kernel and userland. He is also one of the founders of Stamus Networks, a company providing security solutions based on Suricata.
