Pre-SuriCon 2025 Webinar with Soner Tari! -- September 25

Are we starting a new tradition? Hopefully!

The Pre-SuriCon webinars are back, to keep increasing the hype for your yearly meerkat conference :smiley:

This September 25, Soner Tari is the first of the season, with his "FOSS Active Inline IPS: Unlocking Deep Inspection of Encrypted Traffic with ICAP, Suricata, and SSLproxy".

Encrypted network traffic, increasingly prevalent with new extensions like ESNI/ECH, presents a growing "blind spot" for traditional IDS/IPS. Passive monitoring and shallow inspection fall short, necessitating active inline solutions capable of deep inspection into encrypted streams for real-time threat prevention. This webinar, based on a comprehensive three-part article series, dives into the engineering challenges and open-source solutions for building such capabilities within FOSS IPS.

Part 1 of the series details the evolving threat landscape, emphasizing why decryption and active inline prevention are indispensable for effective security.

Part 2 explores initial attempts, specifically how SSLproxy can redirect decrypted traffic to Snort using divert sockets on UTMFW. It critically examines the complexities of maintaining crucial network context and the limitations faced by a preprocessor-based approach in handling initial TCP handshake packets and flow state.

Part 3 proposes a robust, standardized path forward: extending the Internet Content Adaptation Protocol (ICAP) and developing a new DAQ module acting as an ICAP server. By embedding original 5-tuple information via custom X-headers and leveraging ICAP’s native support for binary payloads, decrypted traffic can be seamlessly fed to IDS/IPS engines.

The webinar will highlight the technical specifics of this ICAP-based integration to realize a new era of proactive FOSS network security.

Soner Tari is a dedicated Open-Source Cybersecurity Developer and Maintainer with over 18 years of experience in network defense. He specializes in deep packet inspection and encrypted traffic analysis, having created and evolved FOSS tools like SSLproxy and UTMFW. His work focuses on bridging the gap between pervasive encryption and real-time threat prevention for IDS/IPS.
Explore his projects on sonertari (Soner Tari) · GitHub.

Save the date:
- September 25
- 2 pm UTC

Register to attend via Zoom: Webinar Registration - Zoom

And if you want even more Suricata, maybe you can join us for SuriCon Montreal from November 19-21, and attend the pre-SuriCon training!

Check suricon.net for training details, agenda, tickets, archives and more.
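The Part 3 idea above (carry the original 5-tuple in custom X-headers of an ICAP message whose encapsulated section holds the decrypted HTTP data) is easiest to see as a concrete message exchange. The block below is an added example written for this page; it is not code from SSLproxy, UTMFW, or the DAQ module the talk describes, and the header names `X-Orig-Src-Addr` / `X-Orig-Src-Port` / `X-Orig-Dst-Addr` / `X-Orig-Dst-Port` / `X-Orig-Protocol`, the ICAP host `inspector.local` and the sample HTTP request are all assumptions. What is real ICAP (RFC 3507) is the REQMOD request line, the `Encapsulated:` header with byte offsets into the encapsulated section, and the chunked encoding of the body, which is the mechanism that lets ICAP carry arbitrary binary payloads. The client side builds the message the way an SSLproxy-like decrypting proxy would; the server side does what a DAQ-module-style ICAP server would have to do first: recover flow context and the raw bytes before handing them to the engine.

```python
"""Illustrative ICAP REQMOD round trip carrying a decrypted HTTP request plus
its original 5-tuple.  Added example; header names are hypothetical."""
import ipaddress
from typing import Dict, List, Tuple

FiveTuple = Tuple[str, int, str, int, str]  # (src_ip, src_port, dst_ip, dst_port, proto)

# ASSUMPTION: the page does not name the X-headers; these are illustrative only.
TUPLE_HEADERS = ("X-Orig-Src-Addr", "X-Orig-Src-Port",
                 "X-Orig-Dst-Addr", "X-Orig-Dst-Port", "X-Orig-Protocol")


def build_reqmod(icap_host: str, ft: FiveTuple, http_hdr: bytes, http_body: bytes) -> bytes:
    """Client side (decrypting proxy): wrap a decrypted HTTP request in ICAP REQMOD.
    Offsets in Encapsulated are relative to the start of the encapsulated section;
    a body section is chunked, so binary data needs no escaping."""
    if http_body:
        chunked = b"%x\r\n%s\r\n0\r\n\r\n" % (len(http_body), http_body)
        encaps = "req-hdr=0, req-body=%d" % len(http_hdr)
    else:
        chunked = b""
        encaps = "req-hdr=0, null-body=%d" % len(http_hdr)
    lines = ["REQMOD icap://%s/reqmod ICAP/1.0" % icap_host,
             "Host: " + icap_host,
             "Encapsulated: " + encaps]
    for name, value in zip(TUPLE_HEADERS, ft):
        lines.append("%s: %s" % (name, value))
    head = ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")
    return head + http_hdr + chunked


def _dechunk(data: bytes) -> bytes:
    """Decode HTTP/ICAP chunked encoding (chunk extensions and trailers ignored)."""
    out, pos = bytearray(), 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0], 16)
        pos = eol + 2
        if size == 0:
            return bytes(out)
        out += data[pos:pos + size]
        if data[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("malformed chunk terminator")
        pos += size + 2


def parse_reqmod(msg: bytes) -> Dict:
    """Server side (ICAP server feeding the IDS/IPS): validate the request, recover
    the 5-tuple from the X-headers, and split the encapsulated section by offset."""
    head, sep, encapsulated = msg.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("truncated ICAP header section")
    lines = head.decode("ascii").split("\r\n")
    method, _uri, version = lines[0].split(" ")
    if method != "REQMOD" or version != "ICAP/1.0":
        raise ValueError("not an ICAP/1.0 REQMOD request")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    def need(name: str) -> str:
        if name.lower() not in headers:
            raise ValueError("missing %s: flow context lost, cannot attribute payload" % name)
        return headers[name.lower()]

    src_ip = str(ipaddress.ip_address(need(TUPLE_HEADERS[0])))
    dst_ip = str(ipaddress.ip_address(need(TUPLE_HEADERS[2])))
    src_port, dst_port = int(need(TUPLE_HEADERS[1])), int(need(TUPLE_HEADERS[3]))
    for p in (src_port, dst_port):
        if not 0 < p < 65536:
            raise ValueError("port out of range: %d" % p)
    proto = need(TUPLE_HEADERS[4]).lower()

    # Encapsulated: "req-hdr=0, req-body=123" -> sections ordered by offset
    sections: List[Tuple[str, int]] = []
    for part in need("Encapsulated").split(","):
        name, _, off = part.strip().partition("=")
        sections.append((name, int(off)))
    sections.sort(key=lambda s: s[1])
    pieces = {}
    for i, (name, off) in enumerate(sections):
        end = sections[i + 1][1] if i + 1 < len(sections) else len(encapsulated)
        pieces[name] = encapsulated[off:end]
    body = _dechunk(pieces["req-body"]) if "req-body" in pieces else b""
    return {"five_tuple": (src_ip, src_port, dst_ip, dst_port, proto),
            "http_hdr": pieces.get("req-hdr", b""), "http_body": body}


if __name__ == "__main__":
    # Constructed sample: a decrypted HTTP POST as the proxy would see it after TLS.
    ft = ("10.0.0.5", 51234, "192.0.2.10", 443, "tcp")
    hdr = b"POST /upload HTTP/1.1\r\nHost: example.com\r\nContent-Length: 11\r\n\r\n"
    msg = build_reqmod("inspector.local", ft, hdr, b"hello world")
    print(parse_reqmod(msg))
```

The failure mode to note is the one Part 2 ran into from the other direction: if the tuple headers are absent the server raises instead of guessing, because a decrypted payload with no flow context cannot be correlated with the connection the engine is supposed to block.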

Have you ever wondered if an open-source IDS/IPS can really handle encrypted traffic?

In just two days, I’ll be answering that question and showing you how my open-source tools can solve this very problem.

I’ve included a link to my full presentation slides for a sneak peek at what’s to come: SuriCon Webinar - Google Slides

If you have questions about tackling encrypted traffic with FOSS tools, I’ll do my best to answer them live.


Missed the webinar, want to share, or re-watch?

It’s up on YouTube! https://youtu.be/MucyKSPpw1c?si=patK6vTtSHemkxNe

We hope you enjoy this webinar. And make sure to check the slides that Soner shared above!
