White Paper

Open Source Software for Cyber Operations: Delivering Network Security, Flexibility and Interoperability
Introduction

For the last decade, the use of open source software (OSS) in corporate and government environments has steadily increased, owing not only to the significant number of available applications but also to the widespread acknowledgement of the technological and business advantages realized with OSS deployments. Beyond business applications, OSS also has a strong presence in the network security and cyber intelligence world: innovative and feature-rich cyber tools available as open source distributions are a mainstay in many NOCs, SOCs, and enterprise IT security groups.

Network and cyber security professionals, whether managing networks for enterprises or complex federal government agencies, face a constantly evolving world of cyber attacks and threats from criminals and hackers who remain relentless in their determination to compromise targets and access high-value data. However, tight budgets are forcing these companies and agencies to look for ways to meet their information assurance and network security objectives while also containing spending. The result is an increasing demand for economically viable cyber intelligence and network defense capabilities to ensure secure information delivery and assurance in this volatile networking environment.

Fortunately, some of the most innovative cyber security and network traffic analysis solutions are available to companies and government agencies as open source software applications. Adoption of OSS has soared in recent years across a variety of industries and at all levels of government, as corporate executives, agency leaders and key stakeholders increasingly embrace the advantages these applications present over proprietary solutions and self-funded initiatives.
By deploying open source cyber applications, companies and agencies can implement the best solutions for their needs without many of the security, interoperability and cost challenges associated with proprietary or in-house developed tools.

This white paper explores some key benefits to companies and agencies when open source applications are deployed to enhance cyber security and network awareness. In addition to offering a list of commonly deployed applications, the paper also discusses the improvements in flexibility, agility and solution stability, as well as the potential reduction in total cost of ownership, that come with open source solutions.
5 Key Values of Open Source Software

1. Breadth and Depth of Open Source Cyber Security Solutions

Given the complex, bandwidth-intensive, and typically sensitive nature of many enterprise and government agency networks, cyber teams are especially eager to deploy open source applications that provide greater visibility, security, and control over network traffic. Several leading-edge open source cyber applications are available to, and are being deployed by, corporate and government IT and security managers today, particularly to address network security, flow analysis, and traffic monitoring requirements.

Key Open Source IDS/IPS Applications:

Bro
  Purpose: Passive Intrusion Detection / Active Inline Prevention
  Description: Network IDS/IPS application using event-oriented analysis for network traffic analysis and network security monitoring

SNORT
  Purpose: Passive Intrusion Detection / Active Inline Prevention
  Description: Network IDS/IPS application that combines the benefits of signature, protocol, and anomaly-based inspection methods

Suricata
  Purpose: Passive Intrusion Detection / Active Inline Prevention
  Description: High-performance network IDS/IPS and Network Security Monitoring engine, developed by the Open Information Security Foundation (OISF)

Key Open Source Flow Monitoring Applications:

Argus
  Purpose: System & Network Monitoring
  Description: Audit data to support network operations, performance, and security management, including network forensics, non-repudiation, and network asset and service inventory

SiLK
  Purpose: Flow Analysis Engine
  Description: Delivers historic and real-time analysis of network traffic

YAF
  Purpose: Flow Analysis Sensor
  Description: Network flow recording program that processes packet flows into IPFIX format for later analysis

Key Open Source Utility Applications:

Barnyard2
  Purpose: Spooler for SNORT Binary Output Files
  Description: Offloads the processing of the SNORT unified2 binary output into textual or database-type formats

nprobe
  Purpose: NetFlow Collector
  Description: Scalable network monitoring architecture that passively monitors and collects NetFlow information on high-speed network links

ntop
  Purpose: GUI for Network Metrics
  Description: Network traffic probe that displays network usage

TCPdump
  Purpose: Packet Capture
  Description: Open source tool for capturing and analyzing packets
[Figure: Protection Tools for Government and Company Networks. The diagram shows three locations connected over the Internet, with classified (or private) and unclassified (or public) network segments, legitimate and malicious users, and internal and external threats. A high-performance networking device aggregates multiple open source cyber security applications (Argus, Barnyard2, Bro, nprobe, ntop, SiLK, SNORT, Suricata, TCPdump, YAF) on a single platform for intrusion detection and prevention, network flow analysis, and monitoring and surveillance.]

For example, open source network flow recording and analysis tools like YAF and SiLK can provide network security and cyber analysts with comprehensive visibility into the network protocols and data traversing the network, presenting an all-inclusive view of the network environment, network users, and bandwidth trends. By recording and analyzing network flows, YAF and SiLK can help identify and report policy violations as well as viruses, worms, botnets, malware and other threats.

As seen above, open source software for cyber operations is widely available for corporate and government use. However, companies and agencies must carefully select the appropriate host processing platform(s) to meet network security and bandwidth requirements; usually these applications function best when integrated with a high-performance platform that is optimized for packet processing applications.

2. Empowering Cyber Operations with Flexibility and Agility

Given the continually changing landscape of cyber threats, cyber teams need flexibility, control and often scalability over the form, fit and function of network security solutions. However, rather than enabling teams with customized solutions that are best suited to their objectives, proprietary products can create vendor dependency, locking the group into costly products with pricey licensing agreements.
Unfortunately, once locked in to a single vendor solution, the switching costs to more flexible, value-add solutions may be high. Open source software-based solutions eliminate vendor lock-in and dependency. Instead of relying on one specific vendor, cyber security professionals have access to a wide range of best-of-breed technologies and are freed from dependency on (and the risk of relying on) a single vendor for upgrades, security patches and other enhancements. Similarly, government-off-the-shelf (GOTS) solutions afford agencies a high level of direct control over product specifications and can be freely shared among agencies; however, these applications require dedicated software programmers and can be costly to modify and maintain.

Modular open source systems allow programmers and cyber analysts to adapt key features or add new capabilities when needed, rapidly developing and deploying customized applications to address their specific challenges. Open source allows these cyber professionals to tailor existing open source code, minimizing the time and money needed to create a custom solution.
3. Bolstering Security and Innovation

Open source users can count on a large and active community that offers best practices in network security, cyber intelligence and information assurance. This community presents a significant pool of knowledge and resources that cyber operations managers can tap for fresh ideas, a variety of opinions and reliable insight, as opposed to relying on a single vendor source.

The open source user community is particularly beneficial when it comes to one of the most pressing concerns for large corporations and government agencies: cyber security. For these mission-critical and often highly sensitive networks, security vulnerabilities are not an option. Fortunately, access to open source program blueprints enhances security while also promoting continuous product improvement. User communities are constantly testing and validating open source software. When security patches are required, the open source community responds rapidly to fix the bugs, developing fixes for security vulnerabilities, sharing code patches and continually refining and refreshing software, ensuring that open source solutions continuously evolve and improve. This open source community approach enhances security, since vulnerabilities are quickly identified and remedied before they can be exploited. In other words, cyber security vulnerabilities are minimized when thousands of experienced programmers have the opportunity to independently view, modify and validate the blueprint.

4. Doing More with Less

A perennial challenge for cyber operations and IT managers is making the most of tight budgets in networking environments where they lack the human and financial resources required to keep up with the software changes, equipment upgrades, licensing fees and maintenance costs that come with closed or proprietary technologies.
Open source software has a lower total cost of ownership (TCO) than closed solutions, and enables companies and government agencies to develop and deploy scalable applications in a fraction of the time and at a fraction of the cost of proprietary software. Often, open source solutions are available for free, with technical support in the form of ongoing patches and upgrades provided by the community at large. In addition, further reductions in operating expenditures can be realized by utilizing a high-performance cyber application platform that allows multiple open source applications to run simultaneously on common data streams without impacting performance.

5. Supporting Collaboration and Interoperability

With open source, IT managers and cyber operations teams can share critical information among and within peer divisions and agencies. Open source makes it easier for groups to collaborate among themselves and with commercial solution providers, and to provide any necessary external access to resources and information. For example, companies and government agencies can configure some open source cyber security applications to import real-time threat intelligence or policy updates from commercial data feeds, thereby implementing a continuously updated network security solution.
Bivio Networks: Optimizing Open Source Applications with High-Performance Infrastructure

To optimally support open source network security applications with minimal porting effort, large companies and government agencies need a robust and reliable network infrastructure that can process the deep packet inspection and analysis functions of cyber applications at network speeds from multi-gigabit to over 40 Gbps on a single platform. To this end, Bivio Networks' cyber security application platforms have many flexible and agile configuration options that allow the system to be scaled for throughput and performance across a wide range of packet processing workloads. This architecture is uniquely suited to support the deep packet processing capabilities of a variety of open source applications and services. Leveraging Bivio's carrier-grade platforms, companies and government agencies achieve dramatic increases in the performance of open source applications.

The Bivio platform is specifically designed to host and manage multiple open source applications on a tightly integrated system. This capability enables network managers and cyber analysts to run multiple security applications in parallel on a shared platform to improve network security posture without compromising system throughput and performance. For example, a single platform could host Suricata along with Argus to deploy both a high-speed network IDS/IPS and a bi-directional flow analysis engine as a consolidated cyber solution. The consolidation of multiple applications on the platform also simplifies system management through a single, efficient, Linux-based interface. This simplified management can reduce the learning curve for users and help reduce system downtime, human error or data loss, so that analysts can focus on the core network and cyber monitoring tasks.
This same architecture further enables the platform to deliver unprecedented performance in a single system for processor-intensive open source applications such as the Bro Network Security Monitor. Rather than using a cluster of separate servers, the Bivio platform integrates the equivalent processing performance into a less complex, more compact, and simpler-to-manage cyber security system.

Get Ahead with Open Source

Budget and security considerations often keep companies and government agencies from getting ahead of the curve when it comes to advancing their networks in support of unique objectives. But with open source software, cyber teams can more readily implement the applications that are best suited to mitigate network security threats, facilitate collaboration and adapt to evolving network requirements, without the restrictions of proprietary or self-funded initiatives. Corporations, government agencies, and educational institutions increasingly recognize that the benefits of open source are many when deployed on high-performance cyber application platforms like Bivio's, and are moving forward to deploy open source applications to lower costs, promote and encourage innovation, and safeguard their networks.

For more information on how your cyber team can get ahead with open source applications and Bivio platform solutions, please visit http://www.bivio.net/products.
About Bivio Networks

Founded in 2000, Bivio Networks is dedicated to providing leading networking products that enable government agencies and service providers to control, monitor and secure critical network infrastructure. A leader in cyber intelligence, cyber security and network control solutions, Bivio has deployed its products in a wide range of environments. Bivio's global customer base includes leading defense department and intelligence agencies, service providers and enterprises. Bivio is privately held and is headquartered in the San Francisco Bay Area. More information is available at www.bivio.net.

Bivio Networks, Inc.
4457 Willow Road, Suite 240
Pleasanton, California 94588
Phone: 925-924-8600
Fax: 925-924-8650
www.bivio.net

© 2015 Bivio Networks, Inc. All rights reserved. The Bivio logo, BiviOS, Bivio 7000 Series, and Bivio 8000 Series are trademarks or registered trademarks of Bivio Networks, Inc. All other company and product names may be trademarks of their respective owners. Bivio Networks may make changes to specifications and product descriptions at any time, without notice.