OpenSOC Big Data Security Analytics Framework Consumes and Monitors Network Traffic and Machine Exhaust Data of a Data Center
In an effort to help organizations create an incident investigation tool that meets their specific requirements, Cisco announced on Monday the availability of the company’s OpenSOC big data security analytics framework as an open source solution.
Recent data breaches have resulted in a large number of organizations having customer details and intellectual property compromised. The incident investigation process of such breaches can be time-consuming when traditional techniques are used. The OpenSOC framework can speed up the process by providing data breach victims with all the tools and information they need in a single platform, Cisco said.
“The OpenSOC framework helps organizations make big data part of their technical security strategy by providing a platform for the application of anomaly detection and incident forensics to the data loss problem,” Cisco’s Pablo Salazar wrote in a blog post.
“By integrating numerous elements of the Hadoop ecosystem such as Storm, Kafka, and Elasticsearch, OpenSOC provides a scalable platform incorporating capabilities such as full-packet capture indexing, storage, data enrichment, stream processing, batch processing, real-time search, and telemetry aggregation. It also provides a centralized platform to effectively enable security analysts to rapidly detect and respond to advanced security threats,” Salazar added.
According to Cisco, OpenSOC provides three key elements for security analytics. First, it captures, stores and normalizes security telemetry at high rates, giving organizations the visibility and information required to investigate and remediate an incident.
Second, the framework enriches that telemetry in real time with information such as geolocation, DNS data, and threat intelligence to provide context and situational awareness, which, according to Cisco, are critical for a detailed and timely investigation.
Third, OpenSOC’s interface provides alert summaries, advanced search capabilities, and full packet-extraction tools, the company said.
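As an added illustration of the normalize-then-enrich stage described above (example code, not OpenSOC's own; the sensor schemas, lookup tables and records are all constructed for the example and are not real indicators):

```python
import ipaddress
from datetime import datetime, timezone
from typing import Optional

# Constructed lookup tables standing in for a threat-intel feed, a geo database
# and a passive-DNS store; none of these values are real indicators.
THREAT_INTEL = {"203.0.113.7": "constructed-c2-feed"}        # indicator -> feed name
GEO_BY_PREFIX = {"203.0.113.0/24": "ZZ", "198.51.100.0/24": "QQ"}  # prefix -> country code
PASSIVE_DNS = {"203.0.113.7": "c2.example.invalid"}          # ip -> last seen hostname


def normalize(raw: dict) -> dict:
    """Map a sensor-specific record onto one common schema (the 'normalize' stage)."""
    if raw["sensor"] == "netflow":
        src, dst, ts = raw["srcaddr"], raw["dstaddr"], raw["first"]
    elif raw["sensor"] == "proxy":
        src, dst, ts = raw["client_ip"], raw["server_ip"], raw["time"]
    else:
        raise ValueError(f"unknown sensor type: {raw['sensor']}")
    return {"ts": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
            "src_ip": src, "dst_ip": dst, "sensor": raw["sensor"]}


def geo_lookup(ip: str) -> Optional[str]:
    """Longest-prefix-style lookup against the constructed geo table."""
    addr = ipaddress.ip_address(ip)
    for prefix, country in GEO_BY_PREFIX.items():
        if addr in ipaddress.ip_network(prefix):
            return country
    return None


def enrich(event: dict) -> dict:
    """Attach geolocation, passive DNS and threat-intel context to both endpoints."""
    out = dict(event)
    for side in ("src_ip", "dst_ip"):
        ip = event[side]
        out[f"{side}_geo"] = geo_lookup(ip)
        out[f"{side}_dns"] = PASSIVE_DNS.get(ip)
        out[f"{side}_ti"] = THREAT_INTEL.get(ip)
    # An event is flagged when either endpoint matches a threat-intel indicator.
    out["alert"] = any(out[f"{s}_ti"] is not None for s in ("src_ip", "dst_ip"))
    return out


def process(raw_records: list) -> list:
    """Run the normalize -> enrich pipeline over records from mixed sensors."""
    return [enrich(normalize(r)) for r in raw_records]


SAMPLE = [  # constructed records from two different sensor types
    {"sensor": "netflow", "srcaddr": "10.0.0.5", "dstaddr": "203.0.113.7", "first": 1700000000},
    {"sensor": "proxy", "client_ip": "10.0.0.9", "server_ip": "198.51.100.40", "time": 1700000060},
]

if __name__ == "__main__":
    for ev in process(SAMPLE):
        print(ev)
```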
“The framework is highly extensible: any organization can customize their incident investigation process. It can be tailored to ingest and view any type of telemetry, whether it is for specialized medical equipment or custom-built point of sale devices. By leveraging Hadoop, OpenSOC also has the foundational building blocks to horizontally scale the amount of data it collects, stores, and analyzes based on the needs of the network,” explained Salazar.
By releasing OpenSOC as an open source solution, Cisco hopes the framework will continue to evolve, allowing organizations to improve their ability to handle incident response.
OpenSOC is not the first tool released by Cisco as an open source solution. In September 2013, the company announced the availability of Kvasir, a tool that allows penetration testers to use and share vulnerability data from multiple sources, including vulnerability scanners and exploitation frameworks. The company also runs

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.