Cisco is opening up development of the OpenSOC framework by making the tool open source.
Announced in a blog post on Monday, the San Jose, CA-based company said OpenSOC, a framework that uses big data analytics to detect threats, is now available for businesses to integrate into their own systems. Cisco Security Solutions manager Pablo Salazar writes:
The OpenSOC framework helps organizations make big data part of their technical security strategy by providing a platform for the application of anomaly detection and incident forensics to the data loss problem.
The OpenSOC framework integrates elements of the Hadoop ecosystem, including Storm, Kafka, and Elasticsearch. According to the firm, this means OpenSOC is capable of full-packet capture indexing, storage, data enrichment, stream processing, batch processing, real-time search, and telemetry aggregation, and also provides a platform that can "effectively enable security analysts to rapidly detect and respond to advanced security threats."
The Breach Level Index states that between July and September of 2014, an average of 23 data records was lost or stolen every second, which comes close to two million records a day.
"This data loss will continue as attackers become increasingly sophisticated in their attacks," Salazar writes. "Given this stark reality, we can no longer rely on traditional means of threat detection."
Big Data is one arena that has been tapped to augment traditional security frameworks. Through the analysis of vast amounts of data, patterns emerge — and malicious activity that disrupts standard patterns can be detected before more damage is done.
The OpenSOC framework uses big data in this way: it processes telemetry in real time and enriches it with threat intelligence, geolocation and DNS tags so that analysts can conduct digital forensics on the result. In addition, OpenSOC presents alert summaries, together with the associated threat data, within a page on the platform.
"When we built OpenSOC, one of our goals was to bring all of these pieces together into a single platform. Analysts can use a single tool to navigate data with narrowed focus instead of wasting precious time trying to make sense of mountains of unstructured data," Salazar writes.
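To make the enrichment-then-detection pattern the article describes concrete (stream processing of telemetry, tagging each record with threat intelligence, geolocation and DNS data, a batch-computed baseline, and an alert summary for the analyst), here is an added example in Python. It is not code from the OpenSOC project or from Cisco's post: every address, hostname, feed label and flow record is constructed, the lookup tables stand in for real feeds, and the three-standard-deviation rule is an illustrative detection, not OpenSOC's own logic.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed lookup tables standing in for the feeds OpenSOC would pull in.
# Every address, name and feed label below is hypothetical (TEST-NET ranges).
THREAT_INTEL = {
    "203.0.113.7": "feed-A: known C2 server",
    "198.51.100.23": "feed-B: mass scanner",
}
GEO = [
    (ip_network("10.0.0.0/8"), "internal"),
    (ip_network("203.0.113.0/24"), "country-XX"),
    (ip_network("198.51.100.0/24"), "country-YY"),
]
RDNS = {
    "10.1.2.3": "ws-alice.corp.example",
    "10.1.2.4": "ws-bob.corp.example",
    "203.0.113.7": "",  # no PTR record: itself a useful tag for an analyst
}


@dataclass
class Flow:
    """One telemetry record (NetFlow-like), plus the tags enrichment adds."""
    ts: int
    src: str
    dst: str
    dport: int
    bytes_out: int
    tags: dict = field(default_factory=dict)


def enrich(flow: Flow) -> Flow:
    """Stream side: tag both endpoints with geo, reverse-DNS and threat-intel data."""
    for side in ("src", "dst"):
        addr = getattr(flow, side)
        flow.tags[f"{side}_geo"] = next(
            (label for net, label in GEO if ip_address(addr) in net), "unknown")
        flow.tags[f"{side}_rdns"] = RDNS.get(addr, "")
        if addr in THREAT_INTEL:
            flow.tags[f"{side}_threat"] = THREAT_INTEL[addr]
    return flow


def baseline(history: list[Flow]) -> dict[str, tuple[float, float]]:
    """Batch side: per-source mean and stddev of bytes_out over a historical window."""
    per_src: dict[str, list[int]] = {}
    for f in history:
        per_src.setdefault(f.src, []).append(f.bytes_out)
    return {src: (mean(v), pstdev(v)) for src, v in per_src.items()}


def detect(flow: Flow, base: dict[str, tuple[float, float]]) -> list[str]:
    """Two detections on one enriched flow: an indicator match and a volume outlier."""
    alerts = []
    if "dst_threat" in flow.tags:
        alerts.append(
            f"threat-intel hit: {flow.src} ({flow.tags['src_rdns']}) -> "
            f"{flow.dst}:{flow.dport} [{flow.tags['dst_threat']}, geo={flow.tags['dst_geo']}]")
    if flow.src in base:
        mu, sigma = base[flow.src]
        # Flag more than three standard deviations above the host's own history;
        # max(sigma, 1.0) keeps a perfectly flat history from alerting on tiny changes.
        if flow.bytes_out > mu + 3 * max(sigma, 1.0):
            alerts.append(
                f"volume outlier: {flow.src} sent {flow.bytes_out} bytes to {flow.dst} "
                f"(baseline {mu:.0f} +/- {sigma:.0f})")
    return alerts


def run_pipeline(history: list[Flow], live: list[Flow]) -> list[str]:
    """Build the baseline from history, then enrich and detect on each live record."""
    base = baseline(history)
    alerts: list[str] = []
    for flow in live:
        alerts.extend(detect(enrich(flow), base))
    return alerts


# Constructed sample telemetry: a quiet history window, then three live flows.
HISTORY = [Flow(1_700_000_000 + i, "10.1.2.3", "93.184.216.34", 443, b)
           for i, b in enumerate((1000, 1200, 800, 1100, 900))]
HISTORY += [Flow(1_700_000_100 + i, "10.1.2.4", "93.184.216.34", 443, 500)
            for i in range(3)]
LIVE = [
    Flow(1_700_000_200, "10.1.2.3", "93.184.216.34", 443, 1300),       # normal
    Flow(1_700_000_210, "10.1.2.4", "203.0.113.7", 443, 450),          # C2 contact
    Flow(1_700_000_220, "10.1.2.3", "93.184.216.34", 443, 50_000_000), # exfil-sized
]

if __name__ == "__main__":
    for line in run_pipeline(HISTORY, LIVE):
        print(line)
```

The split between `baseline` (batch) and `enrich`/`detect` (per record) mirrors the batch-versus-stream division the article attributes to the Hadoop, Storm and Kafka pieces; in a real deployment the baseline would be recomputed on a schedule and the lookup tables would be served from an indexed store rather than Python dictionaries.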
As an open source solution, OpenSOC opens the door for any organization to build an incident detection tool tailored to its own needs.