2025-10-25, Track 3 - Room 2400
Suricata, the high-performance, open-source network threat detection engine developed by the Open Information Security Foundation (OISF), is widely deployed for intrusion detection, intrusion prevention, and network security monitoring. In this talk, I’ll provide a brief technical overview of Suricata’s architecture and then cover the new features in the latest release, 8.0. Highlights include performance enhancements, expanded protocol parsing, more efficient multi-threading, and better support for inline deployments alongside firewalls. I’ll focus on the guiding initiative for this release: “if you log it, you can use it in a rule”. I’ll walk through key use cases, explain how these updates improve detection fidelity and operational flexibility, and share practical tips for getting the most out of the new features in production environments.
Jeff Lucovsky has been a core Suricata developer since 2019 and has made significant contributions to various areas of Suricata. Jeff is also a Principal Software Engineer at Corelight, where his primary focus is to oversee the development and deployment of Suricata across Corelight’s sensors. He is also a technical lead for Corelight’s performance engineering team.