The ASF launches new framework for centralized monitoring of network traffic
April 24, 2017
The Apache Software Foundation has launched its Metron application, a new security framework for centralized monitoring and analysis of network traffic.
Metron grew out of Cisco's OpenSOC project two years ago. OpenSOC aimed to provide a scalable security analytics tool based on the Hadoop framework.
However, where OpenSOC consumed and monitored the network traffic and machine data output of data centers, Metron is a higher-level framework that can handle any kind of telemetry data.
The new initiative was submitted to the Apache Incubator in December 2015, and its first release, Apache-Metron v0.1, debuted in April of last year.
As a top-level project, its core still lies in the Hadoop ecosystem: it is built on top of the Apache projects Storm, HBase and Kafka to handle streaming data in real time.
Metron ingests, transforms and normalises telemetry from sources including full network packet capture, and the data it takes in can be enriched with additional elements such as geographic location or asset identifiers.
For example, new enrichments can be specified with no downtime through user-defined functions and a robust scripting language.
Security threats can be specified using either rules or machine learning models so that only the greatest threats are prioritized for threat response and investigation.
"It's very clear now that cybersecurity challenges are becoming a bigger part of our reality," said Casey Stella, vice president of Apache Metron.
"Solving them effectively and at scale requires an open source, community-oriented approach built upon proven scalable technologies. This is what Metron is about at its core," added Stella.
Current Metron users include Australian telco Telstra, which uses it to power its security operation centers in key service hubs across the country.
"Going through the Apache incubation process really illuminated how valuable and important it was to build vibrant and inclusive communities around code. Having infrastructure support from the ASF and active mentors to shepherd us through the various obstacles made all the difference," Stella asserted.
Source: The Apache Software Foundation.