OpenSOC Big Data Security Analytics Framework Consumes and Monitors Network Traffic and Machine Exhaust Data of a Data Center
In an effort to help organizations create an incident investigation tool that meets their specific requirements, Cisco announced on Monday the availability of the company’s OpenSOC big data security analytics framework as an open source solution.
Recent data breaches have resulted in a large number of organizations having customer details and intellectual property compromised. The incident investigation process of such breaches can be time-consuming when traditional techniques are used. The OpenSOC framework can speed up the process by providing data breach victims with all the tools and information they need in a single platform, Cisco said.
“The OpenSOC framework helps organizations make big data part of their technical security strategy by providing a platform for the application of anomaly detection and incident forensics to the data loss problem,” Cisco’s Pablo Salazar wrote in a blog post.
“By integrating numerous elements of the Hadoop ecosystem such as Storm, Kafka, and Elasticsearch, OpenSOC provides a scalable platform incorporating capabilities such as full-packet capture indexing, storage, data enrichment, stream processing, batch processing, real-time search, and telemetry aggregation. It also provides a centralized platform to effectively enable security analysts to rapidly detect and respond to advanced security threats,” Salazar added.
According to Cisco, OpenSOC can provide three key elements for security analytics. First of all, it captures, stores and normalizes security telemetry at high rates, providing organizations the visibility and information required for investigating and remediating an incident.
Second, the framework processes and applies information such as geolocation, DNS data, and threat intelligence in real time to provide context and situational awareness which, according to Cisco, are critical for a detailed and timely investigation.
Third, OpenSOC's interface provides alert summaries, advanced search capabilities, and full packet-extraction tools, the company said.
“The framework is highly extensible: any organization can customize their incident investigation process. It can be tailored to ingest and view any type of telemetry, whether it is for specialized medical equipment or custom-built point of sale devices. By leveraging Hadoop, OpenSOC also has the foundational building blocks to horizontally scale the amount of data it collects, stores, and analyzes based on the needs of the network,” explained Salazar.
By releasing OpenSOC as an open source solution, Cisco hopes the framework will continue to evolve, allowing organizations to improve their ability to handle incident response.
OpenSOC is not the first tool released by Cisco as an open source solution. In September 2013, the company announced the availability of Kvasir, a tool that allows penetration testers to use and share vulnerability data from multiple sources, including vulnerability scanners and exploitation frameworks. The company also runs