Tracking what traverses a network is an increasingly complicated challenge. Among the many groups looking to help provide network flow visibility is the Open Argus Project.
Open Argus has its roots in the Argus network flow system that was developed in the 1980s at Georgia Tech. The project had been privately funded as an open source effort and now benefits from the sponsorship of CounterFlow AI, which will also build a commercial solution that integrates Argus.
Randy Caldejon, CEO and co-founder of CounterFlow, told Enterprise Networking Planet that CounterFlow recently implemented a 40Gbps network visibility solution for a customer based on Argus. He noted that the proof of concept was a huge success and that, as a result, CounterFlow is basing the ThreatEye sensor it delivers on a modified version of Argus.
“Argus extracts data features from network traffic that are typically included with the NetFlow v9 data model plus much more,” Caldejon said. “In addition, Argus extracts packet dynamic measurements like round-trip time, TCP state statistics, inter-packet arrival times, jitter, payload size distribution, producer-consumer ratio, and keystroke identification.”
Adding AI to Network Flow Data
CounterFlow is in the business of providing machine learning enhanced network visibility. As part of the sponsorship, Caldejon said that CounterFlow is collaborating with Carter Bullard, the maintainer of Argus, to integrate machine learning technology with Argus.
“More specifically, CounterFlow’s contribution is software called raml, which is an Argus client that can apply streaming analytics based on machine learning to the Argus flow record stream at wire-speed,” he explained. “CounterFlow plans to publish the first release of the software this month.”
The big challenge for network visibility is that as the industry trends toward more encrypted traffic, traditional cybersecurity solutions like firewalls and intrusion detection systems are losing visibility into network traffic. Caldejon explained that CounterFlow AI is addressing the growing network visibility gap by employing cryptanalysis techniques to identify patterns associated with network faults, anomalies, and threats.
“In our case, cryptanalysis means discovering hidden patterns about network traffic without cracking the encryption key,” Caldejon said. “We do this by analyzing network traffic with streaming machine learning using the rich flow and packet dynamics features that Argus generates.”
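The packet-dynamics features Caldejon lists (inter-packet arrival times, jitter, payload size distribution, producer-consumer ratio) are exactly the measurements that remain observable when the payload itself is encrypted, which is why they can feed the kind of streaming analysis he describes. The following added example, which is not code from Argus, raml or CounterFlow, computes those features for two constructed flows so the difference between an interactive session and a bulk download is visible in the numbers alone. The packet records, the bucket width, the producer-consumer ratio formula (client bytes minus server bytes over total bytes), the simplified jitter estimator and the first-response delay used as a round-trip-time proxy are all assumptions made for this illustration.

```python
"""Flow-feature extraction from packet timing, direction and length only.

Added example: the packet records below are constructed, not captured traffic.
For TLS or SSH flows the payload bytes are opaque, but each packet's timing,
direction and length are still visible, so every feature here survives
encryption without any key material.
"""
from collections import Counter
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Packet:
    ts: float        # seconds since the flow started
    direction: str   # "c2s" (client -> server) or "s2c" (server -> client)
    payload: int     # application payload length in bytes; content is never read


def inter_arrival_times(packets):
    """Gaps between consecutive packets, in seconds."""
    ts = [p.ts for p in packets]
    return [later - earlier for earlier, later in zip(ts, ts[1:])]


def jitter(iats):
    """Mean absolute change between consecutive inter-arrival gaps.

    Simplified estimator chosen for this example (assumption); interactive
    traffic yields large values, steady bulk transfers yield values near 0.
    """
    if len(iats) < 2:
        return 0.0
    return mean(abs(b - a) for a, b in zip(iats, iats[1:]))


def producer_consumer_ratio(packets):
    """(client bytes - server bytes) / total bytes, in [-1, 1].

    +1 means pure upload, -1 pure download, ~0 a balanced exchange.
    Formula assumed for this example.
    """
    c2s = sum(p.payload for p in packets if p.direction == "c2s")
    s2c = sum(p.payload for p in packets if p.direction == "s2c")
    total = c2s + s2c
    return 0.0 if total == 0 else (c2s - s2c) / total


def payload_histogram(packets, bucket=256):
    """Payload size distribution as packet counts per fixed-width bucket."""
    counts = Counter()
    for p in packets:
        lo = (p.payload // bucket) * bucket
        counts[f"{lo}-{lo + bucket - 1}"] += 1
    return dict(counts)


def first_response_delay(packets):
    """Time from the first client packet to the first server packet.

    Used as a crude round-trip-time proxy because the constructed records carry
    no TCP flags (assumption); returns None for one-directional flows.
    """
    first_c = next((p.ts for p in packets if p.direction == "c2s"), None)
    first_s = next((p.ts for p in packets if p.direction == "s2c"), None)
    if first_c is None or first_s is None:
        return None
    return first_s - first_c


def flow_features(packets):
    """Per-flow feature vector of the kind a streaming analytics client would consume."""
    packets = sorted(packets, key=lambda p: p.ts)
    iats = inter_arrival_times(packets)
    return {
        "packets": len(packets),
        "duration": packets[-1].ts - packets[0].ts,
        "mean_iat": mean(iats) if iats else 0.0,
        "jitter": jitter(iats),
        "mean_payload": mean(p.payload for p in packets),
        "pcr": producer_consumer_ratio(packets),
        "payload_hist": payload_histogram(packets),
        "first_response_delay": first_response_delay(packets),
    }


# Constructed sample flows (not real captures).
# Interactive session: small packets both ways, human-paced irregular gaps.
INTERACTIVE = [
    Packet(0.000, "c2s", 48), Packet(0.050, "s2c", 64),
    Packet(0.900, "c2s", 48), Packet(0.950, "s2c", 64),
    Packet(2.100, "c2s", 48), Packet(2.160, "s2c", 64),
]
# Bulk download: one small request, a steady stream of full-size replies.
BULK_DOWNLOAD = [
    Packet(0.000, "c2s", 200),
    Packet(0.020, "s2c", 1400), Packet(0.030, "s2c", 1400),
    Packet(0.040, "s2c", 1400), Packet(0.050, "s2c", 1400),
    Packet(0.060, "s2c", 1400),
    Packet(0.070, "c2s", 60),
]

if __name__ == "__main__":
    for name, flow in (("interactive", INTERACTIVE), ("bulk", BULK_DOWNLOAD)):
        print(name, flow_features(flow))
```

Run stand-alone, the interactive flow comes out with a producer-consumer ratio near zero, a small uniform payload bucket and high jitter, while the bulk download shows a ratio close to -1, a cluster of full-size server packets and almost no jitter; those separations, not the payload, are what a model trained on flow records has to work with.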
Sean Michael Kerner is a senior editor at EnterpriseNetworkingPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.