Today's attacks are sophisticated enough to get past the best security systems, especially ones that still assume a network can be secured by encryption or firewalls alone. Kaspersky malware experts provide a set of Suricata rules that bring global knowledge of sophisticated network threats, the ones that escape standard network security controls, to your own sensors. This helps you detect threats before they turn into extensive breaches and data exfiltration.
Kaspersky Suricata Rules Data Feed is a set of proven IDS/IPS rules that have been used in Kaspersky products and internal infrastructure for many years to detect advanced and emerging threats and to protect Kaspersky users. The rule creation process leverages our expert services such as malware auto-processing, sandboxing, Botfarm and others. The rules are now available to our enterprise customers for use in network security appliances such as network intrusion detection / prevention systems (IDS/IPS), next-generation firewalls (NGFW) and other network security or PCAP processing tools.
The feed covers detection of the following threat categories:
- Botnet C&C
- DNS tunneling
- Hacking Tool
Key features of the feed:
- Daily updates, to keep pace with a dynamic threat landscape
- Suricata format compliant
- A fault-tolerant testing infrastructure that produces high-fidelity detection signatures for network threats and minimizes false positives
- Number of rules: ~5K
- Detection mode (IDS) is set by default: rules use the alert action rather than the blocking (drop) action
- Detection names are provided as threat context
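Because the feed ships in IDS mode (alert, not drop), a team that wants to run part of it inline has to rewrite the action for the rules it trusts and leave the rest as alerts; the detection name in each rule's msg field is also what you attach to an alert as threat context. The script below is an added example, not code from Kaspersky or the feed: it parses Suricata-format rules, converts alert to drop only for rules whose detection name matches a chosen category, preserves comments and vendor-disabled rules byte-for-byte, and builds a sid-to-detection-name map. The sample rules, their sids, msgs and hosts are constructed for illustration and are not Kaspersky detection names.

```python
"""Selective IDS-to-IPS conversion for Suricata-format rules.

Added example, not code from the Kaspersky feed. The rules in SAMPLE_RULES
are constructed samples in Suricata syntax; their sids, msg strings and
addresses are made up and do not correspond to any real detection name.
"""
import re

# Constructed sample rule file (not from the Kaspersky feed).
SAMPLE_RULES = r'''
# comment line, must be preserved untouched
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Botnet C&C beacon"; flow:established,to_server; content:"POST"; http_method; sid:9000001; rev:2; classtype:trojan-activity;)
alert udp $HOME_NET any -> any 53 (msg:"EXAMPLE DNS tunneling long label"; content:"|01 00 00 01 00 00 00 00 00 00|"; offset:2; depth:10; sid:9000002; rev:1;)
alert tcp any any -> $HOME_NET 445 (msg:"EXAMPLE Hacking Tool SMB scanner"; flow:to_server; sid:9000003; rev:1;)
# a rule the vendor shipped disabled; a leading '#' must keep it disabled
#alert tcp any any -> any any (msg:"EXAMPLE disabled"; sid:9000004; rev:1;)
'''

# action  proto src sport dir dst dport  (options)
RULE_RE = re.compile(
    r'^(?P<action>alert|drop|reject|pass)\s+'
    r'(?P<header>\S+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+)\s+'
    r'\((?P<options>.*)\)\s*$'
)
MSG_RE = re.compile(r'msg:"((?:[^"\\]|\\.)*)"')
SID_RE = re.compile(r'\bsid:(\d+);')


def parse_rule(line):
    """Return a dict for an active rule line, or None for blank/comment/disabled lines."""
    stripped = line.strip()
    if not stripped or stripped.startswith('#'):
        return None
    m = RULE_RE.match(stripped)
    if not m:
        return None
    sid_m = SID_RE.search(m['options'])
    msg_m = MSG_RE.search(m['options'])
    return {
        'action': m['action'],
        'header': m['header'],
        'options': m['options'],
        'sid': int(sid_m.group(1)) if sid_m else None,
        'msg': msg_m.group(1) if msg_m else '',
    }


def convert_to_drop(rules_text, should_drop):
    """Rewrite 'alert' to 'drop' where should_drop(rule) is True.

    Every other line (comments, '#'-disabled rules, rules the policy leaves
    in detection mode) is emitted unchanged so the file stays loadable.
    Returns (new_text, number_of_converted_rules).
    """
    out = []
    converted = 0
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule and rule['action'] == 'alert' and should_drop(rule):
            out.append(f"drop {rule['header']} ({rule['options']})")
            converted += 1
        else:
            out.append(line)
    return '\n'.join(out) + '\n', converted


def sid_to_msg(rules_text):
    """Map sid -> detection name, for attaching threat context to fired alerts."""
    index = {}
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule and rule['sid'] is not None:
            index[rule['sid']] = rule['msg']
    return index


def is_cnc(rule):
    """Example policy (an assumption, not vendor guidance): block only C&C rules.

    DNS tunneling and hacking-tool signatures can overlap with legitimate
    admin tooling, so they stay alert-only until their false-positive rate
    in this particular network is known.
    """
    return 'Botnet C&C' in rule['msg']


if __name__ == '__main__':
    new_text, n = convert_to_drop(SAMPLE_RULES, is_cnc)
    print(f"converted {n} rule(s) to drop")
    print(new_text)
    print(sid_to_msg(SAMPLE_RULES))
```

Run the converter as a build step before copying the feed into the sensor's rule directory, and keep the original file so the next daily update can be re-processed with the same policy rather than hand-edited; after loading, validate the result with Suricata's own configuration test (`suricata -T`) before restarting inline.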