Apache Foundation hails Metron as new top level project for cybersecurity

♪ Straight outta Cisco, crazy app framework called Metron, open-sourced so data's not crept on ♪

The Apache Software Foundation (ASF) has announced Metron, a cybersecurity applications framework for centralised monitoring and analysis of network traffic, as its newest top-level project.

Metron was born out of Cisco's OpenSOC project in 2014. OpenSOC aimed to provide a scalable security analytics tool based on the Hadoop framework. But where OpenSOC would have consumed and monitored network traffic and machine exhaust data out of data centers, Metron is a framework which can handle any kind of telemetry data.

The project was submitted to the Apache Incubator in December 2015, and its first release, Apache Metron v0.1, debuted in April 2016. As a top-level project, its foundations remain in the Hadoop ecosystem, and it is built atop fellow Apache projects Storm, HBase and Kafka to handle streaming data in real time.

Metron ingests, transforms, and normalises telemetry, including full network packet capture, and the data it takes in can be enriched with additional elements such as geographic location or asset identifiers as it streams by.

New enrichments can be specified with no downtime through user-defined functions and a robust scripting language. Security threats can be specified and triaged using either rules or machine learning models so that only the greatest threats are prioritized for threat response and investigation.

"It is abundantly clear that cybersecurity challenges are becoming a bigger part of our reality," said Casey Stella, veep of Apache Metron. "Solving them effectively and at scale requires an open source, community-oriented approach built upon proven scalable technologies. This is what Metron is about at its core."

Current users include Australian telco Telstra, which uses it to power its security operation centers in key service hubs.

"Going through the Apache incubation process really illuminated how valuable and important it was to build vibrant and inclusive communities around code. Having infrastructure support from the ASF and active mentors to shepherd us through the hurdles made all the difference in the world," added Stella.

"The core ideals of openness, community, and transparency are prerequisites for solving cybersecurity challenges. Metron was a great fit in Apache because the ASF shares those core ideals. It really does take a village to solve the really hard problems," said the veep. ®
