Company Name: Red Piranha
Announcement Date: 22/08/2019
Announcement Category: Product launch/update
Red Piranha’s Crystal Eye UTM appliances are multi-core systems that enable multi-threaded applications to use the underlying hardware for high performance. Multi-threading scales the system by adding more threads for running different applications which inspect the incoming traffic before transmitting it to the protected network.
One such application running on Crystal Eye appliances for Intrusion Detection and Protection System (IDPS) is the Suricata engine. Suricata is a high-performance, multi-threaded IDS, IPS and Network Monitoring engine that can handle gigabits of traffic without any losses. Since failure to inspect a single packet can lead to unwanted intrusions into a network, Crystal Eye uses Suricata to implement high-speed, lossless and highly secure networks.
In our efforts to tune the Crystal Eye appliances to give the best performance in high-speed networks, Red Piranha has successfully achieved 60Gbps Suricata throughput in the lab on a single commodity hardware 2U unit.
// Test Configuration
Tests were performed on a Series 80 dual-socket system with dual Xeon E5-2697v4 CPUs (HT enabled, total 72 cores) and 128Gb RAM, running Ubuntu 18.04.2 LTS. 2 x dual-port Intel XL-710 40GbE cards were used for receiving the traffic. Traffic was replayed by the TRex traffic generator running on a similar setup. To achieve 60Gbps of traffic, TRex generated a total of 6.2 Mpps, which a single Suricata instance running in IDS mode handled without loss. Suricata was loaded with an Emerging Threats ruleset of 14312 signatures.
// Traffic Details
We harnessed TRex’s capability of generating stateful traffic using profiles that closely simulated an enterprise network. The mix consisted of HTTPS/HTTP browsing data (76%), real-time applications such as VoIP and video captures (12%), and other enterprise traffic replays (12%). Traffic was mostly small, realistic flows rather than elephant flows.
// Key Configurations
The test setup was tuned for high performance at the system and application (Suricata) level. Some of the key configurations and tuning performed on the setup were:
- Maintain NUMA locality to the CPU cores.
- Maximize L3 cache hits to handle high traffic rates.
- Enable receive side hashing of the traffic to distribute traffic evenly to multiple Suricata worker threads.
- Pin CPU cores to Suricata worker threads and isolate these threads from other user processes.
- Run all other housekeeping tasks on the remaining cores.
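One way to derive the core split behind the NUMA-locality and pinning items above, as an added example rather than Red Piranha's own tooling: it reads the NIC's NUMA node from Linux sysfs, gives that node's cores to Suricata workers and the remaining cores to housekeeping, and renders a suricata.yaml `threading` fragment. The function names and the use of Suricata's cpu-affinity settings are assumptions; the page does not publish its configuration.

```python
from pathlib import Path


def parse_cpulist(text):
    """Expand a kernel cpulist such as '0-3,8,10-11' into a sorted list of ints."""
    cpus = set()
    for part in text.strip().split(","):
        if part:
            lo, _, hi = part.partition("-")
            cpus.update(range(int(lo), int(hi or lo) + 1))
    return sorted(cpus)


def plan_pinning(iface, sysfs="/sys"):
    """Split online CPUs into NIC-local workers and remaining housekeeping cores."""
    root = Path(sysfs)
    node = int((root / "class/net" / iface / "device/numa_node").read_text())
    if node < 0:
        # The kernel reports -1 when the device has no NUMA affinity
        # (single-socket host, VM), so locality cannot be enforced.
        raise ValueError(f"{iface}: no NUMA node reported, cannot plan locality")
    online = parse_cpulist((root / "devices/system/cpu/online").read_text())
    local = parse_cpulist((root / f"devices/system/node/node{node}/cpulist").read_text())
    workers = [c for c in local if c in online]
    housekeeping = [c for c in online if c not in workers]
    if not housekeeping:
        raise ValueError("no cores left for housekeeping tasks")
    return {"node": node, "workers": workers, "housekeeping": housekeeping}


def render_threading(plan):
    """Render the plan as a suricata.yaml `threading` fragment (assumed layout)."""
    return "\n".join([
        "threading:",
        "  set-cpu-affinity: yes",
        "  cpu-affinity:",
        "    - management-cpu-set:",
        f"        cpu: {plan['housekeeping']}",
        "    - worker-cpu-set:",
        f"        cpu: {plan['workers']}",
        '        mode: "exclusive"',
    ])


if __name__ == "__main__":
    import sys
    # Usage: python plan_pinning.py <capture-interface>
    print(render_threading(plan_pinning(sys.argv[1])))
```

On a dual-socket host with capture NICs on both sockets, run it once per interface and check that the worker sets do not overlap.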
// Performance Improvements
Traffic was tested on a normal setup and a tuned setup. The untuned system in our lab did not have NIC tuning and was running default Suricata configs with only memcap modifications for handling high speeds. On that system, Suricata was not able to handle packets at wire speed and encountered drops. The tuned system was able to bring Suricata throughput to 60Gbps, as observed in our setup.
// Future Work
The setup used in these tests is the current configuration of Red Piranha’s Crystal Eye Series-80 UTM appliances. These appliances are ideal for high-end security solutions for telecoms or large IT needs. Similar tuning will be performed with the Crystal Eye firmware for different appliances to achieve the best performance for different traffic rates.
Announcement URL: https://redpiranha.net/news/red-piranha-raises-bar-60-gbps-suricata-throughput
About Red Piranha:
At Red Piranha, we came up with a simple concept: a holistic security solution that works. Recruiting a team of experts from around the globe – from engineers to academics to ethical hackers – we worked to develop the most exhaustive and effective security controls available on the market.
In 2013, we integrated the threat intelligence platform DNS.insure into the development of the Crystal Eye Unified Threat Management system for advanced cloud and on-premise protection. Since then, we've developed additional capability around threat detection and incident response along with the integration of other advanced security capabilities to evolve into the Crystal Eye XDR platform.
The result? A comprehensive platform of threat management tools that ensures advanced protection, threat detection and incident response.
Because when our most valuable assets are digital, quick fixes shouldn’t be the status quo – and shrouding them in a fog of confusion shouldn’t be either. At Red Piranha, we believe having the safest, most reliable information security system is everyone’s right – regardless of industry or budget.
Our philosophy is clear. End-to-end protection for your enterprise that meets ever-changing compliance regulations. We’re committed to offering superior security products and services at an accessible price, so even small to medium businesses can enjoy ironclad information protection.
Our Pioneering Products
We have developed Crystal Eye - one of the first Extended Detection & Response (XDR) platforms available on the market that aims to address all of an organisation's security needs to protect, detect and respond to sophisticated cyber threats. This features rapid deployment, simple configuration and customizable alert tuning to reduce administrative burden. Our systems are developed at our Red Piranha facilities under rigorous quality control standards to ensure you receive reliable, state-of-the-art hardware and our innovative software solutions.
Red Piranha is an Australian-based cybersecurity products and services company which officially launched in 2015. Now an ISO 27001 certified organisation with a global presence servicing large and small clients and partners across multiple industry sectors:
- Critical Infrastructure
- Financial Services
Named in the “Top 20 Companies to Watch” by Insight Success Magazine, Red Piranha is highly regarded and recognised within the information security sector. So much so, that Red Piranha was invited by the Australian Federal Government to join the Australian Government’s ASEAN 2018 Cyber Security Mission, partnering with AustCyber and the Australian Trade Commission (Austrade).