Cisco this week announced the availability of an open source security framework designed to harness big data analytics to combat data loss.
Cisco OpenSOC integrates elements of the Hadoop ecosystem, such as Storm, Kafka, and Elasticsearch, to provide a platform incorporating full-packet capture indexing, storage, data enrichment, stream processing, batch processing, real-time search, and telemetry aggregation. It also provides a centralized platform to enable security analysts to detect and respond to threats, Cisco says.
Citing data from Breach Level Index, Cisco says an average of 23 data records were lost or stolen every second between July and September of this year, or close to two million records every day. Conventional means of threat detection cannot keep up with this pace, so big data analytics are now necessary, the company says.
The OpenSOC framework is designed to provide contextual, real-time, and centralized security analytics. OpenSOC ingests data and pushes it to various processing units for computation and analytics, which determine the context needed for security protection and forensic work.
Real-time processing includes the application of threat intelligence, geolocation, and DNS information to collected telemetry. This is intended to provide greater context and situational awareness for detailed and timely investigations, Cisco says.
The centralized interface presents alert summaries with data specific to an alert on a single page. Full packet-extraction tools are also available, Cisco says.
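The enrichment-then-alert flow described above, as an added illustration that is not OpenSOC's own code: a telemetry record is enriched with threat-intelligence, geolocation and reverse-DNS context, and a single-page alert summary is produced when an endpoint matches an indicator. The lookup tables, feed name and flow records are constructed sample data, and the function names are the author's assumptions.

```python
"""Added example (not from OpenSOC): a minimal real-time enrichment step.
All lookup tables and telemetry records here are constructed sample data."""
from ipaddress import ip_address, ip_network

# Constructed stand-ins for the threat-intel, geo and DNS feeds OpenSOC applies.
THREAT_INTEL = {"203.0.113.5": {"source": "example-feed", "tag": "c2"}}
GEO = {ip_network("203.0.113.0/24"): "ZZ-test", ip_network("192.0.2.0/24"): "XX-test"}
REVERSE_DNS = {"203.0.113.5": "bad.example.test"}


def enrich(record):
    """Return a copy of the telemetry record with context fields added per endpoint."""
    out = dict(record)
    for side in ("src_ip", "dst_ip"):
        ip = record[side]
        addr = ip_address(ip)
        out[side + "_geo"] = next((c for n, c in GEO.items() if addr in n), "unknown")
        out[side + "_rdns"] = REVERSE_DNS.get(ip)
        out[side + "_threat"] = THREAT_INTEL.get(ip)
    return out


def alert_summary(enriched):
    """Build a one-page alert summary when either endpoint hits threat intel."""
    hits = [(s, enriched[s + "_threat"]) for s in ("src_ip", "dst_ip") if enriched[s + "_threat"]]
    if not hits:
        return None  # benign flow: no alert
    side, intel = hits[0]
    return {
        "alert": intel["tag"],
        "indicator": enriched[side],
        "feed": intel["source"],
        "rdns": enriched[side + "_rdns"],
        "geo": enriched[side + "_geo"],
        "flow": f"{enriched['src_ip']} -> {enriched['dst_ip']}:{enriched['dst_port']}",
    }


def process_stream(records):
    """Enrich each record in arrival order and return the resulting alert summaries."""
    return [a for a in (alert_summary(enrich(r)) for r in records) if a]


# Constructed telemetry: one benign flow and one flow to a listed indicator.
SAMPLE = [
    {"src_ip": "192.0.2.10", "dst_ip": "192.0.2.20", "dst_port": 443},
    {"src_ip": "192.0.2.10", "dst_ip": "203.0.113.5", "dst_port": 8443},
]

if __name__ == "__main__":
    for alert in process_stream(SAMPLE):
        print(alert)
```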
As an open source framework, OpenSOC allows any organization to create an incident detection tool specific to their needs, Cisco says. And by leveraging Hadoop, OpenSOC can also horizontally scale the amount of data it collects, stores, and analyzes, the company says.
The OpenSOC community website is located at http://opensoc.github.io/.