
    Suricata 9 IDS-IPS on Ubuntu (Hourly) by AdvanceCo

    Deployed on AWS
    Free Trial
    Hardened Suricata 9 engine for AWS. Real-time threat detection and deep packet inspection. Optimized for cloud workloads with professional vendor support and seamless SIEM integration.

    Overview

    Enterprise-Grade Network Security: Hardened for the AWS Cloud

    In 2026, network visibility is the foundation of a Zero Trust architecture. AdvanceCo Inc provides a production-ready deployment of Suricata 9, the industry-leading open-source network threat detection engine, packaged specifically for the Amazon Web Services ecosystem.

    This AMI removes the operational burden of manual setup. Built on a stable Ubuntu 22.04 LTS foundation, this solution is tuned to leverage AWS features like VPC Traffic Mirroring and Nitro-based instance acceleration.

    Key Capabilities:

    Advanced Engine Architecture: Suricata 9 utilizes multi-threading to exploit 100 percent of your multi-core CPU resources.

    Deep Protocol Analysis: Beyond simple signature matching, Suricata provides metadata extraction for HTTP, DNS, TLS, and SMB traffic.

    Modern Encryption Visibility: Enhanced handling of QUIC and TLS 1.3 ensures you maintain visibility into modern encrypted streams.

    Hardened Security: This build includes specific kernel-level optimizations to handle high-velocity traffic spikes without packet loss.

    The AdvanceCo Advantage: Choosing our supported AMI means you have a partner for your security infrastructure. Our Raleigh-based team provides:

    Quarterly Maintenance: We handle Ubuntu kernel security patches and Suricata binary updates.

    SIEM Integration: EVE JSON output is ready for ingestion into any modern observability platform.

    Performance Tuning: Includes specific configurations not found in community builds for high-throughput networking.

    Ideal Use Cases:

    Regulatory Compliance: Quickly satisfy requirements for network monitoring in HIPAA and PCI DSS environments.

    Cost-Effective Scalability: A powerful alternative to managed firewall services for organizations requiring granular control.

    Threat Hunting: Use Network Security Monitoring features to analyze network behavior in real-time.

    Highlights

    • Suricata 9 Engine Upgrade: Next-generation visibility for QUIC and TLS 1.3 protocols to secure modern encrypted traffic. Performance Tuned: Pre-configured AF-PACKET settings and 128k block sizes for high-speed AWS networking and reduced CPU overhead.
    • LDAP and SIP Inspection: Full visibility into lateral movement and voice traffic with native LDAP and SIP over TCP parsers.
    • Compliance Ready: EVE JSON logging format for instant integration with AWS Security Hub and meeting PCI DSS 4.0 or SOC 2 audits. Professional Support: Includes OS and software maintenance from the AdvanceCo US-based engineering team.

    Details

    Delivery method

    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)

    Latest version

    Operating system
    Ubuntu 22.04

    Deployed on AWS

    Pricing

    Free trial

    Try this product free for 5 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.

    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Usage costs (47)

    Dimension                  Cost/hour
    m7i.large (Recommended)    $0.05
    m8i.4xlarge                $0.05
    m8i.metal-96xl             $0.05
    m8id.metal-48xl            $0.05
    m8i.2xlarge                $0.05
    m7a.large                  $0.05
    c6i.large                  $0.05
    m8id.48xlarge              $0.05
    m8i-flex.2xlarge           $0.05
    m8id.4xlarge               $0.05

    Vendor refund policy

    As is. No refund offered.

    Custom pricing options

    Request a private offer to receive a custom quote.


    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    Major Engine Upgrade: Suricata 9

    We have transitioned our core engine from version 8.x to the Suricata 9.0 architecture. This upgrade prioritizes Zero Trust visibility and high-speed encrypted traffic handling, ensuring your AWS infrastructure remains resilient against modern evasive threats.

    Key Improvements & New Features:

    Next-Gen QUIC & TLS Inspection: Enhanced handling of encrypted QUIC traffic with new encryption-handling settings. Users can now choose between bypass, track-only, or full inspection modes to balance security with performance.

    Native LDAP Parser & Logger: Full visibility into LDAP/LDAPS traffic, critical for identifying credential harvesting and lateral movement within Active Directory or cloud-based directory services.

    Hardened SIP Over TCP: The SIP (Session Initiation Protocol) parser has been rebuilt to fully inspect traffic carried over TCP, with unified EVE log schemas for both UDP and TCP transport.

    Optimized AF_PACKET Performance: We have tuned the kernel-level packet capture defaults. The block size has been increased to 128k, allowing for full-size defragmented packets and significantly reducing CPU overhead during high-velocity traffic spikes.

    Advanced DNS Consistency: DNS logging has been overhauled for better parity between requests, responses, and alerts, simplifying the correlation of complex "Domain Generation Algorithm" (DGA) attacks.

    IPS Exception Policies: New "Drop-by-Default" policies for mid-stream exceptions, ensuring that if the engine hits a memory cap or processing limit, your network stays protected rather than failing open.

    To take full advantage of the Suricata 9 upgrade, we recommend the following adjustments to your deployment:

    Memory Allocation: With the new 128k AF_PACKET block size, ensure your instance has at least 8GB of RAM (c6i.large or higher) to accommodate the increased buffer space.

    Protocol Settings: Review the new app-layer.protocols.quic section in your suricata.yaml to configure your preferred encryption handling.

    Hyperscan Caching: This version includes automatic pruning of Hyperscan cache files (7-day default). This keeps your root volume clean and ensures the fastest possible startup times for your IDS/IPS nodes.

    While the community version of Suricata 9 is in active development, AdvanceCo Inc. provides a "Hardened Stable" fork. We have backported critical security patches and pre-integrated the engine with Ubuntu 22.04 LTS, ensuring that you get the cutting-edge features of version 9 with the stability required for enterprise production.

    Support Notice: With this release, we are officially moving Suricata 7.x to "Legacy" status. We encourage all customers to migrate to this version 9.0 build before the Suricata 7.x EOL in July 2026.

    Additional details

    Usage instructions

    Begin with SSH and update OS as needed. Suricata is configured with defaults.

    Support

    Vendor support

    Professional Support: Includes OS and software maintenance from the AdvanceCo US-based engineering team. Paid telephone, Slack, and software maintenance support is available to customers requiring supported open source products. Find us at https://www.advancecoinc.com/aws-marketplace.html. Contact us at secproductsupport@advancecoinc.com.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.


    Customer reviews

    Ratings and reviews

    0 ratings
    0 reviews
    No customer reviews yet