Open Source Software for Cyber Operations:

Academic year: 2021


Open Source Software for Cyber Operations:

Delivering Network Security, Flexibility and Interoperability

White Paper


Introduction

For the last decade, the use of open source software (OSS) in corporate and government environments has steadily increased, a fact not only due to the significant number of available applications but also to the widespread acknowledgement of the technological and business advantages that are realized with OSS deployments. Beyond the business applications, OSS also has a strong presence in the network security and cyber intelligence world, as innovative and feature-rich cyber tools available as open source distributions are a mainstay in many NOCs, SOCs, and enterprise IT security groups.

Network and cyber security professionals, whether managing networks for enterprises or complex federal government agencies, face a constantly evolving world of cyber attacks and threats from criminals and hackers who remain relentless in their determination to compromise targets and access high-value data. However, tight budgets are forcing these companies and agencies to look for ways to meet their information assurance and network security objectives while also containing spending. The result is an increasing demand for economically viable cyber intelligence and network defense capabilities to ensure secure information delivery and assurance in this volatile networking environment.

Fortunately, some of the most innovative cyber security and network traffic analysis solutions are available to companies and government agencies as open source software applications. Adoption of OSS has soared in recent years across a variety of industries and at all levels of government, as corporate executives, agency leaders and key stakeholders increasingly embrace the advantages these applications present over proprietary solutions and self-funded initiatives. By deploying open source cyber applications, companies and agencies can implement the best solutions for their needs without many of the security, interoperability and cost challenges associated with proprietary or in-house developed tools.

This white paper explores some key benefits to companies and agencies when open source applications are deployed to enhance cyber security and network awareness. In addition to offering a list of commonly deployed applications, the paper also discusses the improvements in flexibility, agility and solution stability, as well as the potential reduction in the total cost of ownership that comes with open source solutions.


5 Key Values of Open Source Software

1. Breadth and Depth of Open Source Cyber Security Solutions

Given the complex, bandwidth-intensive, and typically sensitive nature of many enterprise and government agency networks, cyber teams are especially eager to deploy open source applications that provide greater visibility, security, and control over network traffic.

Several leading edge open source cyber applications are available to and are being deployed by corporate and government IT and security managers today, particularly to address network security, flow analysis, and traffic monitoring requirements.

Key Open Source IDS/IPS Applications:

Application | Purpose | Description
Bro | Passive Intrusion Detection; Active Inline Prevention | Network IDS/IPS application using event-oriented analysis for network traffic analysis and network security monitoring
SNORT® | Passive Intrusion Detection; Active Inline Prevention | Network IDS/IPS application that combines the benefits of signature, protocol, and anomaly-based inspection methods
Suricata | Passive Intrusion Detection; Active Inline Prevention | High performance Network IDS/IPS and Network Security Monitoring engine, developed by the Open Information Security Foundation (OISF)

Key Open Source Flow Monitoring Applications:

Application | Purpose | Description
Argus | System & Network Monitoring | Audit data to support network operations, performance, and security management, including network forensics, non-repudiation, network asset and service inventory
SiLK | Flow Analysis Engine | Delivers historic and real-time analysis of network traffic
YAF | Flow Analysis Sensor | Network flow recording program that processes packet flows into IPFIX format for later analysis

Key Open Source Utility Applications:

Application | Purpose | Description
Barnyard2 | Spooler for SNORT® Binary Output Files | Offloads the processing of the SNORT® unified2 binary output into textual or database type formats
nProbe | NetFlow Collector | Scalable network monitoring architecture that passively monitors and collects netflow information on high-speed network links
nTop | GUI for Network Metrics | Network traffic probe that displays network usage
TCPdump | Packet Capture | Open source tool for capturing and analyzing packets


For example, open source network flow recording and analysis tools, like YAF and SiLK, can provide network security and cyber analysts with comprehensive visibility into network protocols and data traversing the network, presenting an all-inclusive view of the network environment, network users, and bandwidth trends. By recording and analyzing network flows, YAF and SiLK can help identify and report policy violations as well as activity associated with viruses, worms, botnets, malware and other threats.
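As an added illustration of the flow-analysis checks described above (this is example code written for this page, not code from the white paper or from the YAF or SiLK projects), the following Python script reads a small constructed set of flow records laid out as pipe-delimited text with a header line and applies four defender-side checks: outbound connections to ports the policy does not allow, matches against a list of known-bad addresses, the sources sending the most bytes, and repeated connections from one host to one external destination. The record layout, the internal address range 10.1.2.0/24, the allowed-port policy and the indicator list are all assumptions made for the example.

```python
"""Flow-record analysis over constructed sample data.

Added example: the record layout (pipe-delimited, one header line), the
internal address range, the allowed outbound ports and the indicator list
are all assumptions made for this illustration, not YAF or SiLK output.
"""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# Constructed sample flow records (not real traffic). The column order is an
# assumption for this example; a real pipeline would take it from the tool.
SAMPLE_FLOWS = """\
sIP|dIP|sPort|dPort|pro|packets|bytes|sTime
10.1.2.10|93.184.216.34|51234|443|6|120|96000|2021-03-01T10:00:01
10.1.2.11|10.1.2.5|51235|53|17|2|180|2021-03-01T10:00:02
10.1.2.12|198.51.100.77|51236|6667|6|40|3200|2021-03-01T10:00:05
10.1.2.12|198.51.100.77|51237|6667|6|40|3200|2021-03-01T10:05:05
10.1.2.12|198.51.100.77|51238|6667|6|40|3200|2021-03-01T10:10:05
10.1.2.13|203.0.113.9|51239|80|6|900|1500000|2021-03-01T10:00:09
10.1.2.14|10.1.2.5|51240|22|6|10|2000|2021-03-01T10:00:10
"""

# Policy assumptions for the example (constructed, not from the paper).
INTERNAL_NET = ip_network("10.1.2.0/24")
ALLOWED_OUTBOUND_PORTS = {53, 80, 443}
INDICATORS = {"198.51.100.77"}   # stand-in for a threat-intelligence feed


@dataclass(frozen=True)
class Flow:
    sip: str
    dip: str
    sport: int
    dport: int
    proto: int
    packets: int
    nbytes: int
    stime: str


def parse_flows(text: str) -> List[Flow]:
    """Parse header-plus-rows pipe-delimited records into Flow objects."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    header = [h.strip() for h in lines[0].split("|")]
    flows = []
    for ln in lines[1:]:
        rec = dict(zip(header, (field.strip() for field in ln.split("|"))))
        flows.append(Flow(
            sip=rec["sIP"], dip=rec["dIP"],
            sport=int(rec["sPort"]), dport=int(rec["dPort"]),
            proto=int(rec["pro"]), packets=int(rec["packets"]),
            nbytes=int(rec["bytes"]), stime=rec["sTime"],
        ))
    return flows


def find_policy_violations(flows, internal=INTERNAL_NET,
                           allowed_ports=ALLOWED_OUTBOUND_PORTS) -> List[Flow]:
    """Outbound flows (internal source, external destination) to a port
    the policy does not permit."""
    return [f for f in flows
            if ip_address(f.sip) in internal
            and ip_address(f.dip) not in internal
            and f.dport not in allowed_ports]


def match_indicators(flows, indicators=INDICATORS) -> List[Flow]:
    """Flows whose source or destination matches a known-bad address."""
    return [f for f in flows if f.sip in indicators or f.dip in indicators]


def top_talkers(flows, n=3) -> List[Tuple[str, int]]:
    """Sources ranked by total bytes sent, for bandwidth-trend review."""
    totals = Counter()
    for f in flows:
        totals[f.sip] += f.nbytes
    return totals.most_common(n)


def repeated_connections(flows, min_count=3) -> Dict[Tuple[str, str, int], int]:
    """(source, destination, dport) triples seen at least min_count times;
    regular repeats to one external host are a common botnet check-in sign."""
    counts = Counter((f.sip, f.dip, f.dport) for f in flows)
    return {key: n for key, n in counts.items() if n >= min_count}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for f in find_policy_violations(flows):
        print(f"policy violation: {f.sip} -> {f.dip}:{f.dport} at {f.stime}")
    for f in match_indicators(flows):
        print(f"indicator hit:    {f.sip} -> {f.dip} at {f.stime}")
    for src, total in top_talkers(flows):
        print(f"top talker:       {src} sent {total} bytes")
    for (src, dst, port), n in repeated_connections(flows).items():
        print(f"repeated:         {src} -> {dst}:{port} x{n}")
```

On the sample data the three flows from 10.1.2.12 to port 6667 are reported by all of the first, second and fourth checks, which is the point of running several independent flow checks over the same records: a single policy rule, an indicator match or a repetition count on its own is easy to miss, but agreement between them gives an analyst a much stronger signal to act on.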

As seen above, open source software for cyber operations is widely available for corporate and government use. However, companies and agencies must carefully select the appropriate host processing platform(s) to meet network security and bandwidth requirements; usually these applications function best when integrated with a high-performance platform that is optimized for packet processing applications.

2. Empowering Cyber Operations with Flexibility and Agility

Given the continually changing landscape of cyber threats, cyber teams need flexibility, control and oftentimes scalability over the form, fit and function of network security solutions. However, rather than enabling teams with customized solutions that are best-suited for their objectives, proprietary products can create vendor dependency, locking the group into costly products with pricey licensing agreements. Unfortunately, once “locked-in” to a single vendor solution, the switching costs to more flexible, value-add solutions may be high.

Open source software based solutions eliminate vendor lock-in and dependency. Instead of relying on one specific vendor, cyber security professionals have access to a wide range of best-of-breed technologies and are freed from dependency (and risk) on a single vendor for upgrades, security patches and other enhancements. Similarly, government-off-the-shelf (GOTS) solutions afford agencies a high level of direct control over product specifications and can be freely shared among agencies; however, these applications require dedicated software programmers and can be costly to modify and maintain.

Modular open source systems allow programmers and cyber analysts to adapt key features or add new capabilities when needed, rapidly developing and deploying customized applications to address their specific challenges. Open source allows these cyber professionals to tailor

[Figure: Protection Tools for Government and Company Networks. A high-performance networking device capable of aggregating multiple cyber applications on a single platform (Intrusion Detection & Prevention; Network Flow Analysis; Monitoring & Surveillance), hosting the open source cyber security applications Argus, Barnyard2, Bro, nProbe, nTop, SiLK, SNORT®, Suricata, TCPdump and YAF. Network characteristics shown: classified and unclassified (or public) networks; single and/or multiple locations (Location #1, #2, #3); legitimate and malicious users; internal and external threats; connection to the Internet.]


3. Bolstering Security and Innovation

Open source users can count on a large and active community that offers best practices in network security, cyber intelligence and information assurance. This community presents a significant pool of knowledge and resources cyber operations managers can tap for fresh ideas, a variety of opinions and reliable insight, as opposed to relying on a single vendor source.

The open source user community is particularly beneficial when it comes to one of the most pressing concerns for large corporations and government agencies: cyber security. For these mission-critical and often highly sensitive networks, security vulnerabilities are not an option.

Fortunately, access to open source program blueprints enhances security while also promoting continuous product improvement.

User communities are constantly testing and validating open source software. When security patches are required, the open source community responds rapidly to fix the bugs, developing fixes for security vulnerabilities, sharing code patches and continually refining and refreshing software, ensuring that open source solutions continuously evolve and improve. This open source community approach enhances security, since vulnerabilities are quickly identified and remedied before they can be exploited. In other words, cyber security vulnerabilities are minimized when thousands of experienced programmers have the opportunity to independently view, modify and validate the blueprint.

4. Doing More with Less

A perennial challenge for cyber operations and IT managers is making the most of tight budgets in networking environments where they lack the necessary human and financial resources required to keep up with software changes, equipment upgrades, licensing fees and maintenance costs that come with closed or proprietary technologies.

Open source software has lower total cost of ownership (TCO) than closed solutions, and enables companies and government agencies to develop and deploy scalable applications at a fraction of the time and cost of proprietary software. Often, open source solutions are available for free with technical support in terms of ongoing patches and upgrades provided by the community at large.

In addition, further reductions in operating expenditures can be realized by utilizing a high-performance cyber application platform that allows multiple open source applications to run simultaneously on common data streams without impacting performance.

5. Supporting Collaboration and Interoperability

With open source, IT managers and cyber operations teams can share critical information among and within peer divisions and agencies. Open source makes it easier for groups to collaborate among themselves and with commercial solutions providers, and to provide any necessary external access to resources and information. For example, companies and government agencies can configure some open source cyber security applications to import real-time threat intelligence or policy updates from commercial data feeds, thereby implementing a continuously updated network security solution.


Bivio Networks: Optimizing Open Source Applications with High-Performance Infrastructure

To optimally support open source network security applications with minimal porting effort, large companies and government agencies need a robust and reliable network infrastructure that can process the deep packet inspection and analysis functions of cyber applications at network speeds from multi-Gigabit to over 40 Gbps on a single platform.

To this end, Bivio Networks’ cyber security application platforms have many flexible and agile configuration options that allow the system to be scaled for throughput and performance across a wide range of packet processing workloads. This architecture is uniquely suited to support the deep packet processing capabilities of a variety of open source applications and services. Leveraging Bivio’s carrier-grade platforms, companies and government agencies achieve dramatic increases in the performance of open source applications.

The Bivio platform is specifically designed to host and manage multiple open source applications on a tightly-integrated system. This capability enables network managers and cyber analysts to simultaneously run multiple security applications in parallel on a shared platform to improve network security posture without compromising the system throughput and performance. For example, a single platform could host Suricata along with Argus to deploy both a high-speed network IDS/IPS and bi-directional flow analysis engine as a consolidated cyber solution.

The consolidation of multiple applications on the platform also simplifies and eases system management through a single, efficient, Linux-based interface. This simplified management can reduce the learning curve for users and help reduce system downtime, human error or data loss so that analysts can focus on the core network and cyber monitoring tasks.

This same architecture further enables the platform to deliver unprecedented performance in a single system for processor-intensive open source applications such as the Bro Network Security Monitor. Rather than using a cluster of separate servers, the Bivio platform effectively integrates the equivalent processing performance into a less complex, more compact, and simpler to manage cyber security system.

Get Ahead with Open Source

Budget and security considerations often keep companies and government agencies from getting “ahead of the curve” when it comes to advancing their networks in support of unique objectives.

But with open source software, cyber teams can more readily implement the applications that are best-suited to mitigate network security threats, facilitate collaboration and adapt to evolving network requirements without the restrictions of proprietary or self-funded initiatives.

Corporations, government agencies, and educational institutions are increasingly recognizing that the benefits of open source are many, particularly when deployed on high-performance cyber application platforms like Bivio’s, and are moving forward to deploy open source applications to lower costs, promote and encourage innovation and safeguard their networks.

For more information on how your cyber team can get ahead with open source applications and Bivio platform solutions, please visit http://www.bivio.net/products.


About Bivio Networks

Founded in 2000, Bivio Networks is dedicated to providing leading networking products that enable government agencies and service providers to control, monitor and secure critical network infrastructure. A leader in cyber intelligence, cyber security and network control solutions, Bivio has deployed its products in a wide range of environments. Bivio’s global customer base includes leading defense department and intelligence agencies, service providers and enterprises. Bivio is privately-held and is headquartered in the San Francisco Bay Area. More information is available at www.bivio.net.

Bivio Networks, Inc.

4457 Willow Road, Suite 240 Pleasanton, California 94588 Phone: 925-924-8600 Fax: 925-924-8650 www.bivio.net
