Open Network Insight Project Develops Security using Big Data

FREMONT, CA: The open-source, Open Network Insight (ONI) project is seeing early adoption by many organizations as a platform for storage and as a means to improve its security using big data; as a move to gain an upper hand against attackers, reports Sean Michael Kernerfor eWeek.

The ONI project is just a month and a half old and has gained attention of many organizations such as eBay, Accenture, Intel, Cloudera and more, as a suitable platform for storing cyber-security information.

According to Cloudera, ONI project is not just a Hadoop big data platforms but a platform that includes the open-source Wireshark project, a widely used packet sniffing and analysis technology; nfdump, a netflow network packet capture tool; and the D3 JavaScript visualization libraryand the Jupyter project for reporting. By utilizing Hadoop as the back end for storing data, organizations can analyze and process more data than that in a non-big data approach.

The challenges that Hadoop faces as the basis of a security platform, is the fact that many organizations have built their own approaches and that there hasn’t been a standard model. ONI aims to solve this by representing a common model and format for network data in Hadoop, irrespective of network device or vendor that it comes from.

Although ONI has a focus on network events, it is also a platform for performing User Behavior Analytics (UBA), which is an increasingly common security activity for detecting anomalous user activity. From a reporting point of view, the Jupyter component powers the ONI dashboard and helps an administrator to target and track into specific events and IP addresses, as well as filter by date and packet header information.

 "Hadoop is a really great platform for storing cyber-security information, and this is a use case that we see across industries," says Eddie Garcia, chief security architect, Cloudera. "What we're enabling is a platform to store network data and do analytics on top. In the future, what we see is an open model to enable other threat and security analysis, including users and servers," he added.