Cisco Subnet An independent Cisco community View more

Cisco open sources security

OpenSOC framework intended to harness big data analytics for data protection

Cisco this week announced the availability of an open source security framework designed to harness big data analytics to combat data loss.

Cisco OpenSOC integrates elements of the Hadoop ecosystem, such as Storm, Kafka, and Elasticsearch, to provide a platform incorporating full-packet capture indexing, storage, data enrichment, stream processing, batch processing, real-time search, and telemetry aggregation. It also provides a centralized platform to enable security analysts to detect and respond to threats, Cisco says.

+MORE ON NETWORK WORLD: Cisco names new security chief after Young departs+

Citing data from Breach Level Index, Cisco says an average of 23 data records were lost or stolen every second between July and September of this year, or close to two million records every day. Conventional means of threat detection cannot maintain this pace so big data analytics are no necessary, the company says.

The OpenSOC framework is designed to provide context, real-time and centralized security analytics. OpenSOC ingests data and pushes it to various processing units for computation and analytics to determine the context for security protection and forensic work.

Real-time processing includes the application of threat intelligence, geolocation, and DNS information to collected telemetry. This is intended to provide greater context and situational awareness for detailed and timely investigations, Cisco says.

The centralized interface presents alert summaries with data specific to an alert on a single page. Full packet-extraction tools are also available, Cisco says.

As an open source framework, OpenSOC allows any organization to create an incident detection tool specific to their needs, Cisco says. And by leveraging Hadoop, OpenSOC can also horizontally scale the amount of data it collects, stores, and analyzes, the company says.

The OpenSOC community website is located at http://opensoc.github.io/.

More from Cisco Subnet:

Startups look to eliminate routers, switches

Cisco bulks up branch routers for clouds

HP launches SDN App Store

Broadcom unveils 25G Ethernet, SDN optimized chip

Cisco pumping $1 billion more into Intercloud

Cisco names new security chief after Young departs

Chambers again dashes EMC speculation

Why Cisco lost two key officials in data center, cloud

Brocade unveils OpenDaylight SDN controller

Cisco acquires OpenStack cloud provider

Follow all Cisco Subnet bloggers on Twitter.Jim Duffy on Twitter

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.