What is an IDS and Network Security Monitoring in 2023? Monitoring, Detection, challenges and solutions while chasing APTs, CVEs and Ransomware.

Challenges keep raising the bar for the security monitoring systems to deal with. From limiting visibility resulting to more and wider encryption adoption to log volumes, to sophistication and amplification of malware attacks and threat actors. When multiple systems and integrations are involved the defenders are even more overwhelmed with engineering related tasks.

APTs and malware actors use any means necessary at their disposal. So should the blue teams around the globe. The need for more visibility and faster response arises dramatically. Being able to have full network forensic evidence - including protocol, flow file transactions and packet capture to support the IDS generated alerts - is essential for defenders. However the sheer volume and infra needs can be prohibitive for many deployments scenarios as it is not always only related to just cost. If Open Standard is a key element in lowering the cost and complexity of integration, information sharing is a key element in getting fast detection and reaction.

In this talk we will walk through some of the challenges that Suricata faces and has solved as it keeps evolving. All that while doing an actual hands on review of real life examples of CVEs exploits and APT, Ransomware proliferation.