Cisco is no stranger to the open-source world and is now expanding its efforts with OpenSOC (Security Operations Center), a project that is freely available on GitHub.
At first glance, OpenSOC might appear to be a SIEM (Security Information and Event Management) system, but according to Annie Ballew, solutions architect in the Cisco Security Business Group, it isn’t a SIEM technology in the traditional sense. Rather, Ballew said that OpenSOC should be considered a Big Data technology for security analytics.
“Our goal is to push the technology forward for overall security incident investigation and visibility by leveraging advanced Big Data techniques,” Ballew said. “OpenSOC does provide SIEM-like capabilities, but it also incorporates forensics capabilities, enables machine learning and analytics, and rapidly applies external information sources to security and network telemetry as it comes in.”
Earlier this year, Chris Young, former SVP of security at Cisco, told Enterprise Networking Planet in a video interview that Cisco did not need its own SIEM platform. The SIEM market includes multiple vendors, with IBM’s QRadar and HP’s ArcSight among the industry leaders.
While the OpenSOC project itself is open-source, Cisco is already leveraging the technology in its commercial products.
“OpenSOC is currently included in our Managed Threat Defense services offering, where it is installed, implemented and fully operationalized,” Ballew said.
Cisco launched its Managed Threat Defense service in April. The service manages and monitors logs as well as a customer’s security event lifecycle.
Ballew added that OpenSOC is also integrated with various other Cisco security components, such as Sourcefire, FirePOWER, NGIPS, Sourcefire AMP, and ThreatGrid.
From a component perspective, the open-source Kibana project, which provides analytics and a search dashboard for the open-source Elasticsearch project, is a key part of OpenSOC. Elasticsearch is a leading open-source data analytics search platform.
“Cisco does have a working relationship with Elasticsearch, but not specifically as it relates to the Kibana component,” Ballew said. “In general, OpenSOC is simply consuming Kibana as an open-source technology.”
Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com. Follow him on Twitter @TechJournalist.