Cisco leverages Hadoop for latest contribution to open security framework
Although Cisco Systems Inc. is best known for selling proprietary data center switches, it also plays an active role in the open-source ecosystem, ranking as the sixth most prolific contributor to OpenStack and listing several community projects under its belt.
The networking stalwart added another notch to its repertoire this week with the release of an analytics framework that combines several emerging components in the Hadoop ecosystem to help security professionals become more responsive to leaks.
The technology addresses a real need. According to the Breach Level Index, the period between July and September saw an average of 23 records lost or stolen every second, a rate that is far too fast to combat using traditional methods. OpenSOC promises to radically shorten that reaction gap with a real-time approach to threat analysis.
Compatible with every major Hadoop distribution, the framework uses the Apache Kafka message broker developed at LinkedIn Corp. to pipe transmissions from sensors scattered throughout different parts of a network into the Storm execution engine at a rate of up to 1.2 million packets per second. The incoming data is pushed through filters that produce an alert when an analogy is discovered containing a summary of the incident and contextual information designed to help users cut straight to solving the problem.
From there, the information travels to the Hadoop File System, where it’s exposed for Hive and HBase to enable security analysts to perform advanced analysis of security threats and expose patterns among individual attacks using structured query syntax that they already know. Organizations can also integrate OpenSOC with their existing tools to flatten the learning curve and can use Elasticsearch to perform less complicated operations such as searching for specific data points.
Unlike most newly launched open-source projects, the framework has been through several months of production use, with Cisco claiming to utilize it internally to detect network threats. OpenSOC also incorporates contributions from Hortonworks Inc., the prime backer of Storm, which recently became the first Hadoop distributor to file for a public offering. That early participation provides another degree of validation for the technology that should help drive adoption and suggests that the company may seek to play a continued role in the development of the project as it evolves.
Either way, OpenSOC will benefit from the growing interest around Storm in the wake of its recent induction as a top-level project at the Apache Software Foundation. And it also adds to that momentum, opening up an important new use case for the engine.
The source code for OpenSOC is available on GitHub. Cisco says that organizations can customize the framework to ingest anything from geolocation data to the output of medical devices and even deploy it in the public cloud.
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU