The Apache Software Foundation (ASF) has announced Metron, a cybersecurity applications framework for centralised monitoring and analysis of network traffic, as its newest top-level project.
Metron was born out of Cisco's OpenSoc project in 2014. OpenSoc aimed to provide a scalable security analytics tool based on the Hadoop framework. But where OpenSoc would have consumed and monitored network traffic and machine exhaust data out of data centers, Metron is a framework which can handle any kind of telemetry data.
The project was submitted to the Apache Incubator in December 2015, and its first release, Apache Metron v0.1, debuted in April 2016. As a top-level project its foundations remain in the Hadoop ecosystem, and it is built atop fellow Apache projects Storm, HBase and Kafka to handle streaming data in a real-time fashion.
Metron ingests, transforms, and normalises telemetry, including full network packet capture, and the data it takes in can be enriched with additional elements such as geographic location or asset identifiers as it streams by.
New enrichments can be specified with no downtime through user defined functions and a robust scripting language. Security threats can be specified and triaged using either rules or machine learning models so that only the greatest threats are prioritized for threat response and investigation.
"It is abundantly clear that cybersecurity challenges are becoming a bigger part of our reality," said Casey Stella, veep of Apache Metron. "Solving them effectively and at scale requires an open source, community-oriented approach built upon proven scalable technologies. This is what Metron is about at its core."
Current users include Australian telco Telstra, which uses it to power its security operation centers in key service hubs.
"Going through the Apache incubation process really illuminated how valuable and important it was to build vibrant and inclusive communities around code. Having infrastructure support from the ASF and active mentors to shepherd us through the hurdles made all the difference in the world," added Stella.
"The core ideals of openness, community, and transparency are prerequisites for solving cybersecurity challenges. Metron was a great fit in Apache because the ASF shares those core ideals. It really does take a village to solve the really hard problems," said the veep. ®