Cisco is no stranger to the open-source world and is now expanding its efforts with OpenSOC (Security Operation Center), a project that is freely available on GitHub.
OpenSOC at first glance might appear to be a SIEM (Security Information and Event Management) system, but according to Annie Ballew, Solutions Architect in the Cisco Security Business Group, it isn’t a SIEM technology in the traditional sense. Rather, Ballew said that OpenSOC should be considered a big data technology for security analytics.
“Our goal is to push the technology forward for overall security incident investigation and visibility by leveraging advanced big data techniques,” Ballew said. “OpenSOC does provide SIEM-like capabilities, but it also incorporates forensics capabilities, enables machine learning and analytics, and rapidly applies external information sources to security and network telemetry as it comes in.”
Earlier this year, Chris Young, former SVP of security at Cisco, told Enterprise Networking Planet in a video interview that Cisco did not need its own SIEM platform. The SIEM market includes multiple vendors, with IBM’s QRadar and HP’s ArcSight among the industry leaders.
“OpenSOC is currently included in our Managed Threat Defense services offering where it is installed, implemented and fully operationalized,” Ballew said.
Cisco launched its Managed Threat Defense service in April. That service manages and monitors logs as well as a customer’s security event lifecycle.
Ballew added that OpenSOC is also integrated with various other Cisco security components such as Sourcefire FirePower NGIPS, SourceFire AMP, and ThreatGrid.
From a component perspective, the open-source Kibana project, which provides analytics and a search dashboard for the open-source Elasticsearch project, is a key part of OpenSOC. Elasticsearch is a leading open-source data analytics search platform.
“Cisco does have a working relationship with Elasticsearch but not specifically as it relates to the Kibana component,” Ballew said. “In general, OpenSOC is simply consuming Kibana as an open-source technology.”