Cisco goes open-source for big data security analytics

Cisco is no stranger to the open-source world and is now expanding its efforts with OpenSOC (Security Operation Center), a project that is freely available on GitHub.

OpenSOC at first glance might appear to be a SIEM (Security Information and Event Management) system, but according to Annie Ballew, Solutions Architect in the Cisco Security Business Group, it isn't a SIEM technology in the traditional sense. Rather, Ballew said that OpenSOC should be considered a big data technology for security analytics.

"Our goal is to push the technology forward for overall security incident investigation and visibility by leveraging advanced big data techniques," Ballew said. "OpenSOC does provide SIEM-like capabilities, but it also incorporates forensics capabilities, enables machine learning and analytics, and rapidly applies external information sources to security and network telemetry as it comes in."

Earlier this year, Chris Young, former SVP of security at Cisco, told Enterprise Networking Planet in a video interview that Cisco did not need its own SIEM platform. The SIEM market includes multiple vendors, with IBM's QRadar and HP's ArcSight among the industry leaders.

While the OpenSOC project itself is open-source, Cisco is already leveraging the technology in its commercial products.

"OpenSOC is currently included in our Managed Threat Defense services offering where it is installed, implemented and fully operationalized," Ballew said.

Cisco launched its Managed Threat Defense service in April. That service manages and monitors logs as well as a customer's security event lifecycle.

Ballew added that OpenSOC is also integrated with various other Cisco security components, such as Sourcefire FirePower NGIPS, Sourcefire AMP, and ThreatGrid.

From a component perspective, the open-source Kibana project, which provides analytics and a search dashboard for the open-source Elasticsearch project, is a key part of OpenSOC. Elasticsearch is a leading open-source data analytics search platform.

"Cisco does have a working relationship with Elasticsearch but not specifically as it relates to the Kibana component," Ballew said. "In general, OpenSOC is simply consuming Kibana as an open-source technology."

Source: http://www.enterprisenetworkingplanet.com/netsecur/cisco-goes-open-source-for-big-data-security-analytics.html