
    Suricata 9 IDS-IPS on Ubuntu (Monthly Subscription) by AdvanceCo

    Deployed on AWS
    AWS Free Tier
    Hardened Suricata 9 engine for AWS. Real-time threat detection and deep packet inspection. Optimized for cloud workloads with professional vendor support and seamless SIEM integration.

    Overview

    Enterprise-Grade Network Security: Hardened for the AWS Cloud

    In 2026, network visibility is the foundation of a Zero Trust architecture. AdvanceCo Inc provides a production-ready deployment of Suricata 9, the industry-leading open-source network threat detection engine, packaged specifically for the Amazon Web Services ecosystem. This AMI removes the operational burden of manual setup. Built on a stable Ubuntu 22.04 LTS foundation, it is tuned to leverage AWS features such as VPC Traffic Mirroring and Nitro-based instance acceleration.

    Key Capabilities:
    • Advanced Engine Architecture: Suricata 9 uses multi-threading to exploit 100 percent of your multi-core CPU resources.
    • Deep Protocol Analysis: Beyond simple signature matching, Suricata extracts metadata for HTTP, DNS, TLS, and SMB traffic.
    • Modern Encryption Visibility: Enhanced handling of QUIC and TLS 1.3 keeps metadata visibility into modern encrypted streams.
    • Hardened Security: This build includes specific kernel-level optimizations to handle high-velocity traffic spikes without packet loss.

    The AdvanceCo Advantage: Choosing our supported AMI means you have a partner for your security infrastructure. Our Raleigh-based team provides:
    • Quarterly Maintenance: We handle Ubuntu kernel security patches and Suricata binary updates.
    • SIEM Integration: EVE JSON output is ready for ingestion into any modern observability platform.
    • Performance Tuning: Includes specific configurations not found in community builds for high-throughput networking.

    Ideal Use Cases:
    • Regulatory Compliance: Quickly satisfy requirements for network monitoring in HIPAA and PCI DSS environments.
    • Cost-Effective Scalability: A powerful alternative to managed firewall services for organizations requiring granular control.
    • Threat Hunting: Use Network Security Monitoring features to analyze network behavior in real time.

    Highlights

    • Suricata 9 Engine Upgrade: Next-generation visibility for QUIC and TLS 1.3 protocols to secure modern encrypted traffic.
    • Performance Tuned: Pre-configured AF-PACKET settings and 128k block sizes for high-speed AWS networking and reduced CPU overhead.
    • LDAP and SIP Inspection: Full visibility into lateral movement and voice traffic with native LDAP and SIP over TCP parsers.
    • Compliance Ready: EVE JSON logging for integration with SIEMs and with AWS Security Hub (Security Hub ingests findings in its ASFF format, so an ingestion step converts EVE records), supporting PCI DSS 4.0 and SOC 2 audit requirements.
    • Professional Support: Includes OS and software maintenance from the AdvanceCo US-based engineering team.
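As an added example (not vendor code and not part of the Suricata project), the following Python script shows the post-processing a SIEM pipeline does with the EVE JSON output described above: it joins DNS requests to their responses by flow_id and transaction id (the request/response parity the release notes below mention), flags clients that accumulate NXDOMAIN responses for random-looking names, and flattens each alert into one record enriched with the TLS SNI, JA3 hash and DNS names seen on the same flow. The EVE lines embedded in it are constructed for the example; field names follow Suricata's EVE schema with DNS in the version-3 request/response layout plus a fallback for the older flat rrname/answer form, and the entropy threshold, hostnames, addresses and hash are illustrative.

```python
"""Post-process Suricata EVE JSON for SIEM ingestion.

Added example; not vendor or Suricata project code. The EVE lines in
SAMPLE_EVE are constructed for this example, not captured from a sensor.
"""
import json
import math
from collections import Counter, defaultdict

# Constructed sample: three NXDOMAIN lookups for random-looking names from
# 10.0.1.5, one normal lookup from 10.0.1.7, and a TLS flow that triggered an
# alert. DNS records use the v3 layout (separate request/response events with
# a "queries" list); responses carry rcode. Names, IPs and the hash are made up.
SAMPLE_EVE = r"""
{"timestamp":"2026-01-10T12:00:00.000001+0000","flow_id":1001,"event_type":"dns","src_ip":"10.0.1.5","src_port":53211,"dest_ip":"10.0.0.2","dest_port":53,"proto":"UDP","dns":{"version":3,"type":"request","id":41,"queries":[{"rrname":"xk3jd9qzvp.example","rrtype":"A"}]}}
{"timestamp":"2026-01-10T12:00:00.000452+0000","flow_id":1001,"event_type":"dns","src_ip":"10.0.0.2","src_port":53,"dest_ip":"10.0.1.5","dest_port":53211,"proto":"UDP","dns":{"version":3,"type":"response","id":41,"rcode":"NXDOMAIN","queries":[{"rrname":"xk3jd9qzvp.example","rrtype":"A"}]}}
{"timestamp":"2026-01-10T12:00:01.000003+0000","flow_id":1002,"event_type":"dns","src_ip":"10.0.1.5","src_port":53212,"dest_ip":"10.0.0.2","dest_port":53,"proto":"UDP","dns":{"version":3,"type":"request","id":42,"queries":[{"rrname":"b7mw2ftrlc.example","rrtype":"A"}]}}
{"timestamp":"2026-01-10T12:00:01.000499+0000","flow_id":1002,"event_type":"dns","src_ip":"10.0.0.2","src_port":53,"dest_ip":"10.0.1.5","dest_port":53212,"proto":"UDP","dns":{"version":3,"type":"response","id":42,"rcode":"NXDOMAIN","queries":[{"rrname":"b7mw2ftrlc.example","rrtype":"A"}]}}
{"timestamp":"2026-01-10T12:00:02.000007+0000","flow_id":1003,"event_type":"dns","src_ip":"10.0.1.5","src_port":53213,"dest_ip":"10.0.0.2","dest_port":53,"proto":"UDP","dns":{"version":3,"type":"request","id":43,"queries":[{"rrname":"h4ns8ygqae.example","rrtype":"A"}]}}
{"timestamp":"2026-01-10T12:00:02.000511+0000","flow_id":1003,"event_type":"dns","src_ip":"10.0.0.2","src_port":53,"dest_ip":"10.0.1.5","dest_port":53213,"proto":"UDP","dns":{"version":3,"type":"response","id":43,"rcode":"NXDOMAIN","queries":[{"rrname":"h4ns8ygqae.example","rrtype":"A"}]}}
{"timestamp":"2026-01-10T12:00:03.000002+0000","flow_id":1004,"event_type":"dns","src_ip":"10.0.1.7","src_port":40001,"dest_ip":"10.0.0.2","dest_port":53,"proto":"UDP","dns":{"version":3,"type":"request","id":44,"queries":[{"rrname":"www.example.com","rrtype":"A"}]}}
{"timestamp":"2026-01-10T12:00:03.000388+0000","flow_id":1004,"event_type":"dns","src_ip":"10.0.0.2","src_port":53,"dest_ip":"10.0.1.7","dest_port":40001,"proto":"UDP","dns":{"version":3,"type":"response","id":44,"rcode":"NOERROR","queries":[{"rrname":"www.example.com","rrtype":"A"}],"answers":[{"rrname":"www.example.com","rrtype":"A","ttl":300,"rdata":"93.184.216.34"}]}}
{"timestamp":"2026-01-10T12:00:05.000010+0000","flow_id":2002,"event_type":"tls","src_ip":"10.0.1.5","src_port":49822,"dest_ip":"203.0.113.9","dest_port":443,"proto":"TCP","tls":{"sni":"cdn-sync.example.net","version":"TLS 1.3","ja3":{"hash":"0123456789abcdef0123456789abcdef"}}}
{"timestamp":"2026-01-10T12:00:05.000020+0000","flow_id":2002,"event_type":"alert","src_ip":"10.0.1.5","src_port":49822,"dest_ip":"203.0.113.9","dest_port":443,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":9000001,"rev":1,"signature":"LOCAL Beacon to watchlisted TLS SNI","category":"Malware Command and Control Activity","severity":1}}
"""


def parse_eve(text):
    """Parse newline-delimited EVE JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def shannon_entropy(s):
    """Bits of entropy per character; random DGA labels score high, words low."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def dns_query_names(dns):
    """Query names from the v3 'queries' list, or the older flat 'rrname' field."""
    if "queries" in dns:
        return [q["rrname"] for q in dns["queries"] if "rrname" in q]
    return [dns["rrname"]] if "rrname" in dns else []


def join_dns(events):
    """Pair each DNS response with its request by (flow_id, dns.id).

    The client address is taken from the request, so it is right regardless of
    which direction the response event reports as src/dest.
    """
    pending, joined = {}, []
    for ev in events:
        if ev.get("event_type") != "dns":
            continue
        dns = ev["dns"]
        key = (ev["flow_id"], dns.get("id"))
        if dns.get("type") in ("request", "query"):      # v3 / pre-v3 naming
            pending[key] = ev
        elif dns.get("type") in ("response", "answer"):
            req = pending.pop(key, None)
            client = req["src_ip"] if req else ev["dest_ip"]
            names = dns_query_names(dns) or (dns_query_names(req["dns"]) if req else [])
            for name in names:
                joined.append({"client": client, "name": name,
                               "rcode": dns.get("rcode", "NOERROR")})
    return joined


def suspicious_nxdomain_clients(events, min_nx=3, min_entropy=3.0):
    """Clients with >= min_nx NXDOMAIN responses for high-entropy leftmost labels.

    A crude DGA heuristic; both thresholds are illustrative and need tuning.
    """
    hits = Counter()
    for rec in join_dns(events):
        label = rec["name"].split(".")[0]
        if rec["rcode"] == "NXDOMAIN" and shannon_entropy(label) >= min_entropy:
            hits[rec["client"]] += 1
    return {client: n for client, n in hits.items() if n >= min_nx}


def enrich_alerts(events):
    """Flatten each alert into one SIEM record carrying same-flow TLS/DNS context.

    Two passes, because the tls event for a flow may be logged after the alert.
    """
    tls_by_flow, dns_by_flow = {}, defaultdict(set)
    for ev in events:
        if ev.get("event_type") == "tls":
            tls_by_flow[ev["flow_id"]] = ev["tls"]
        elif ev.get("event_type") == "dns":
            dns_by_flow[ev["flow_id"]].update(dns_query_names(ev["dns"]))
    records = []
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        tls = tls_by_flow.get(ev["flow_id"], {})
        records.append({
            "timestamp": ev.get("timestamp"),
            "flow_id": ev["flow_id"],
            "src": "%s:%s" % (ev["src_ip"], ev.get("src_port")),
            "dst": "%s:%s" % (ev["dest_ip"], ev.get("dest_port")),
            "sid": ev["alert"]["signature_id"],
            "signature": ev["alert"]["signature"],
            "severity": ev["alert"]["severity"],
            "action": ev["alert"]["action"],
            "tls_sni": tls.get("sni"),
            "ja3": (tls.get("ja3") or {}).get("hash"),
            "dns_names": sorted(dns_by_flow.get(ev["flow_id"], ())),
        })
    return records


if __name__ == "__main__":
    evs = parse_eve(SAMPLE_EVE)
    print("suspicious NXDOMAIN clients:", suspicious_nxdomain_clients(evs))
    for rec in enrich_alerts(evs):
        print(json.dumps(rec))
```

On the constructed input, 10.0.1.5 is reported with three high-entropy NXDOMAIN responses while 10.0.1.7's ordinary lookup is ignored, and the single alert comes out with the flow's SNI and JA3 attached. Against a real sensor, point `parse_eve` at `/var/log/suricata/eve.json` (or a tail of it) and keep the join keyed on flow_id, which is what lets the tls, dns and alert records of one connection be correlated without parsing packet captures.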

    Details

    Delivery method: 64-bit (x86) Amazon Machine Image (AMI)

    Latest version:

    Operating system: Ubuntu 22.04


    Pricing

    Pricing is based on a fixed subscription cost. You pay the same amount each billing period for unlimited usage of the product. Pricing is prorated, so you're only charged for the number of days you've been subscribed. Subscriptions have no end date and may be canceled at any time.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Fixed subscription cost

    Monthly subscription
    $625.00/month

    Vendor refund policy

    We do not currently support refunds, but you can cancel at any time.

    Custom pricing options

    Request a private offer to receive a custom quote.


    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    Major Engine Upgrade: Suricata 9

    We have transitioned our core engine from version 8.x to the Suricata 9.0 architecture. This upgrade prioritizes Zero Trust visibility and high-speed encrypted traffic handling, ensuring your AWS infrastructure remains resilient against modern evasive threats.

    Key Improvements & New Features:
    • Next-Gen QUIC & TLS Inspection: Enhanced handling of encrypted QUIC traffic with new encryption-handling settings. Users can now choose between bypass, track-only, or full inspection modes to balance security with performance.
    • Native LDAP Parser & Logger: Full visibility into LDAP/LDAPS traffic, critical for identifying credential harvesting and lateral movement within Active Directory or cloud-based directory services.
    • Hardened SIP Over TCP: The SIP (Session Initiation Protocol) parser has been rebuilt to fully inspect traffic carried over TCP, with unified EVE log schemas for both UDP and TCP transport.
    • Optimized AF_PACKET Performance: We have tuned the kernel-level packet capture defaults. The block size has been increased to 128k, allowing for full-size defragmented packets and significantly reducing CPU overhead during high-velocity traffic spikes.
    • Advanced DNS Consistency: DNS logging has been overhauled for better parity between requests, responses, and alerts, simplifying the correlation of "Domain Generation Algorithm" (DGA) activity.
    • IPS Exception Policies: New "drop-by-default" policies for mid-stream exceptions, ensuring that if the engine hits a memory cap or processing limit, your network stays protected rather than failing open.

    To take full advantage of the Suricata 9 upgrade, we recommend the following adjustments to your deployment:

    Memory Allocation: With the new 128k AF_PACKET block size, ensure your instance has at least 8 GB of RAM to accommodate the increased buffer space. Note that a c6i.large provides only 4 GiB; a c6i.xlarge (8 GiB) or larger meets this requirement.

    Protocol Settings: Review the new app-layer.protocols.quic section in your suricata.yaml to configure your preferred encryption handling.

    Hyperscan Caching: This version includes automatic pruning of Hyperscan cache files (7-day default). This keeps your root volume clean and ensures the fastest possible startup times for your IDS/IPS nodes.

    While the community version of Suricata 9 is in active development, AdvanceCo Inc. provides a "Hardened Stable" fork. We have backported critical security patches and pre-integrated the engine with Ubuntu 22.04 LTS, ensuring that you get the cutting-edge features of version 9 with the stability required for enterprise production.
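The three adjustments above gathered into one suricata.yaml fragment, as an added example rather than the configuration shipped in the AMI. The interface name ens6, the cluster-id, the HOME_NET range and the ring size are placeholders to replace with your own. The fragment also enables the VXLAN decoder, which a sensor fed by VPC Traffic Mirroring needs because AWS delivers mirrored packets encapsulated in VXLAN on UDP 4789; without it the engine only ever sees the outer tunnel. The QUIC encryption-handling key and its mode names are taken from the release notes above and should be confirmed against the suricata.yaml installed on the instance.

```yaml
# suricata.yaml fragment (added example; not the AMI's shipped file).
# Assumptions: mirrored traffic arrives on ens6, HOME_NET is 10.0.0.0/16.
vars:
  address-groups:
    HOME_NET: "[10.0.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"
  port-groups:
    VXLAN_PORTS: 4789           # VPC Traffic Mirroring encapsulation port

af-packet:
  - interface: ens6
    cluster-id: 99
    cluster-type: cluster_flow  # keep both directions of a flow on one thread
    defrag: yes
    tpacket-v3: yes
    ring-size: 200000           # placeholder; size to your burst profile
    block-size: 131072          # 128 KiB: holds a full-size defragmented packet
    block-timeout: 10

decoder:
  vxlan:
    enabled: true
    ports: $VXLAN_PORTS         # decode the inner packet of each mirrored frame

app-layer:
  protocols:
    quic:
      enabled: yes
      # Key and mode names per the release notes; verify against the shipped
      # suricata.yaml. bypass / track-only / full trade inspection for throughput.
      encryption-handling: full
    tls:
      enabled: yes
      encryption-handling: default   # default | bypass | full
```

Traffic Mirroring hands the sensor a copy of each packet, so an instance configured this way runs as an IDS: it can alert on mirrored traffic but cannot drop it. Prevention mode requires the instance to sit in the forwarding path (for example behind a Gateway Load Balancer) with an inline runmode. After editing, `sudo suricata -T -c /etc/suricata/suricata.yaml` validates the file before the service is restarted.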

    Support Notice: With this release, we are officially moving Suricata 7.x to "Legacy" status. We encourage all customers to migrate to this version 9.0 build before the Suricata 7.x EOL in July 2026.

    Additional details

    Usage instructions

    SSH in as ubuntu.

    Support

    Vendor support

    Professional Support: Includes OS and software maintenance from the AdvanceCo US-based engineering team. Paid telephone, Slack, and software maintenance support is available to customers requiring supported open source products. Find us at https://www.advancecoinc.com/aws-marketplace.html or contact us at secproductsupport@advancecoinc.com

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.


    Accolades

    Top 10 in Monitoring, Log Analysis
    Top 50 in Network Infrastructure, Operating Systems


    Customer reviews

    Ratings and reviews

    0 ratings, 0 reviews. No customer reviews yet.
    Be the first to review this product. We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.