I am a huge fan of the Suricata Community!
As I sit here in the airport wearing some conference gear, waiting for my 5AM flight home, I can’t help but appreciate that OISF pulled off a great hybrid conference. I’m sad to see #Suricon2021 come to an end.
Pre-Conference Training: Advanced Deployment & Architecture
My employer, All Digital Rewards, was awesome enough to send me to the Advanced Deployment & Architecture training. The training was led by Peter Manev and dove deep into performance tuning Suricata to get the most out of it in many different configurations. Eric covered many in-depth topics about hardware-specific configuration and tuning techniques. Peter built on this and expanded to cover cloud installations, rule tuning and even touched on Lua usage. While the training did not specifically cover the topic of Kubernetes, I was able to work with the trainers to begin solving the problems I’m facing with getting intrusion detection sensors installed and operating efficiently within a Kubernetes service mesh.
The pre-conference training was both live and in-person this year. It was held in a room in the library of the Wentworth Institute of Technology. Unfortunately, due to travel restrictions, the trainers for the Advanced Deployment & Architecture course were not able to be on campus with us, but Josh Stroschein, who was instructing the Intrusion Analysis and Threat Hunting with Suricata course, was able to be on campus, along with Jason Ish, who was able to support students on both courses. Students for both courses were in-person and remote. Overall, the training was coordinated and delivered effectively.
I’m not a network security analyst, and All Digital Rewards has very specific network security requirements, so my interest was quite heavily focused on the talks that covered cloud sensor installation and operation. My favorite talk was Enabling Suricata in the Cloud at Scale using DPDK by Jordi Ros-Giralt. This talk provided a lot of beneficial information regarding configuration and setup options to increase the overall efficiency of cloud sensor installation and use.
Despite not being able to really offer heavily productive input myself, I really appreciated being a part of the Suricata road map conversation at the end of each day of the conference. At the end of each day the whole OISF team opened the floor to all virtual and in-person attendees to discuss and shape the future of Suricata after Victor Julien shared the progress from last year and the current direction of Suricata.
The capture the flag competition was great fun. Despite being fairly novice to Suricata, I was able to team up with Mauno Pihelgas and together we were able to secure a 3rd place win! I wager he could have managed the win without me, but nevertheless, I really enjoyed the challenge and it drove quite a bit of focused learning. I especially enjoyed the threat hunting challenges.
The organizers of Suricon2021 had set up a channel on Discord to coordinate activities after the conference closed each day. I was overloaded with information, so I ended up spending most evenings in my room decompressing from the day, but I did get out one evening and enjoyed the beautiful cityscape sunrise every morning with a jog or from the gym.