Enabling Cyber Security with Apache Metron and Spot
Apache Metron is a cyber security application for streaming security data: it ingests telemetry, detects threats and supports the response to them. It provides security monitoring and analysis, with mechanisms to capture, store and normalise any type of security telemetry at extremely high rates. It enables real-time processing, advanced behavioural analytics and the application of enrichments, stores information efficiently for concise security visibility, and gives a centralised view of the data and alerts that pass through the system.
It comprises four key capabilities –
- Security Data Lake: provides the mechanism to search and query data for operational analytics, and cost-effective storage of enriched telemetry data.
- Pluggable Framework: lets new enrichment services be added to raw streaming data, with pluggable extensions for threat feeds and the ability to customise security dashboards.
- Security Application: alerting, replay utilities, an evidence store, and agents to ingest data sources.
- Threat Intelligence Platform: defence techniques using anomaly detection and machine learning algorithms applied to real-time events.
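The normalise-then-enrich flow behind the Security Data Lake and the Pluggable Framework is easier to see in code. The following is an added example written for this article; it is not Metron's own code and does not use Metron's APIs. It registers two parsers for two constructed raw formats (a syslog-style firewall line and a JSON proxy event), normalises both into one common event schema (the field names are modelled loosely on Metron's and are an assumption here), and then runs a list of pluggable enrichers over each event: an asset-inventory lookup and a threat-intel match that raises the alert flag. All indicators, addresses and hosts are constructed placeholders.

```python
import json
import re
from datetime import datetime

# Constructed sample telemetry (not real logs): the two raw formats we normalise.
FIREWALL_LINE = "2024-03-01T10:15:00Z fw01 ALLOW TCP 10.0.0.5:51234 -> 203.0.113.7:443"
PROXY_JSON = ('{"ts": 1709288100, "client": "10.0.0.9", "dest": "198.51.100.22", '
              '"host": "example.net", "status": 200}')

# Constructed threat-intel feed (placeholder indicator, not a real IoC).
THREAT_INTEL = {"203.0.113.7": "c2-watchlist"}

# Constructed asset inventory used as a second, independent enrichment source.
ASSET_INVENTORY = {"10.0.0.5": {"owner": "finance", "criticality": "high"}}

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\w+) (?P<proto>\w+) "
                   r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")


def parse_firewall(line):
    """Normalise a syslog-style firewall line into the common event schema."""
    m = FW_RE.match(line)
    if not m:
        raise ValueError("unrecognised firewall line: %r" % line)
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return {
        "source.type": "firewall",
        "timestamp": int(ts.timestamp()),
        "ip_src_addr": m["src"],
        "ip_dst_addr": m["dst"],
        "ip_dst_port": int(m["dport"]),
        "action": m["action"],
    }


def parse_proxy(line):
    """Normalise a JSON proxy event into the same common schema."""
    rec = json.loads(line)
    return {
        "source.type": "proxy",
        "timestamp": int(rec["ts"]),
        "ip_src_addr": rec["client"],
        "ip_dst_addr": rec["dest"],
        "http_host": rec["host"],
        "status": int(rec["status"]),
    }


# Parser registry: adding a new telemetry source means adding one entry here.
PARSERS = {"firewall": parse_firewall, "proxy": parse_proxy}


def asset_enricher(event, assets=ASSET_INVENTORY):
    """Attach asset-inventory context for the internal source address, if known."""
    asset = assets.get(event["ip_src_addr"])
    if asset:
        event["enrichments.asset"] = asset
    return event


def threat_intel_enricher(event, intel=THREAT_INTEL):
    """Match the destination address against the threat-intel feed and flag alerts."""
    hit = intel.get(event["ip_dst_addr"])
    event["is_alert"] = hit is not None
    if hit:
        event["threatintel.match"] = hit
    return event


# Enricher chain: each stage takes an event and returns it with more fields.
ENRICHERS = [asset_enricher, threat_intel_enricher]


def process(raw_records):
    """Parse and enrich (source_type, raw_line) pairs; returns the enriched events."""
    results = []
    for source_type, line in raw_records:
        event = PARSERS[source_type](line)
        for enricher in ENRICHERS:
            event = enricher(event)
        results.append(event)
    return results


if __name__ == "__main__":
    for ev in process([("firewall", FIREWALL_LINE), ("proxy", PROXY_JSON)]):
        print(json.dumps(ev, sort_keys=True))
```

Because every parser emits the same field names, the enrichers never need to know which source an event came from, which is the property that makes the framework pluggable: a new feed or a new enrichment is one function added to a registry, not a change to the pipeline.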
Apache Spot is a cyber security project that leverages insights from packet and flow analysis, covering threat detection, investigation, advanced analytics, identification of unknown threats, and perimeter, internal and DNS flows, to deliver fast and efficient data analysis. It uses a parallel ingest framework, machine learning and operational analytics to provide –
- Suspicious DNS Packets
- Reduction of Mean Time to Incident Detection & Resolution (MTTR)
- Threat Incident and Response
- Threat Hunting
- Open Data Models
- Detection of Known and Unknown Threats via Machine Learning
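To make the "suspicious DNS packets" item concrete, here is an added example of the kind of feature-based scoring an analyst might apply to DNS query telemetry. It is written for this article, is not Apache Spot's code and is not its model; it is a deliberately simple statistical baseline, not the machine-learning approach Spot uses. Each queried name is turned into features (name length, Shannon entropy of the first label, number of distinct subdomains seen under the same registered domain), each feature is z-scored against the whole population, and names are ranked by the sum. The query records are constructed sample data, and the two-label notion of "registered domain" is a simplifying assumption.

```python
import math
from collections import defaultdict
from statistics import fmean, pstdev

# Constructed DNS query records (client_ip, queried_name); not real traffic.
DNS_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.9", "cdn.example.net"),
    ("10.0.0.9", "www.example.org"),
    ("10.0.0.12", "a9f3c1e7b2d4.exfil-test.example"),  # long, high-entropy labels
    ("10.0.0.12", "4e8b0d77c3aa.exfil-test.example"),
    ("10.0.0.12", "1f2e3d4c5b6a.exfil-test.example"),
]


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(name):
    """Simplifying assumption: the last two labels are the registered domain."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def extract_features(queries):
    """Per-name features: length, first-label entropy, distinct subdomains per domain."""
    subdomains = defaultdict(set)
    for _, name in queries:
        subdomains[registered_domain(name)].add(name.lower())
    feats = {}
    for _, name in queries:
        first = name.split(".")[0]
        feats[name] = {
            "length": float(len(name)),
            "entropy": shannon_entropy(first),
            "subdomains": float(len(subdomains[registered_domain(name)])),
        }
    return feats


def zscore_table(feats):
    """Z-score every feature against the population; a constant feature scores 0."""
    names = list(feats)
    keys = list(next(iter(feats.values())).keys())
    stats = {}
    for k in keys:
        vals = [feats[n][k] for n in names]
        mu, sigma = fmean(vals), pstdev(vals)
        stats[k] = (mu, sigma)
    return {
        n: {k: 0.0 if stats[k][1] == 0 else (feats[n][k] - stats[k][0]) / stats[k][1]
            for k in keys}
        for n in names
    }


def score_queries(queries):
    """Return [(name, score)] sorted from most to least anomalous."""
    z = zscore_table(extract_features(queries))
    scored = {n: sum(v.values()) for n, v in z.items()}
    return sorted(scored.items(), key=lambda kv: kv[1], reverse=True)


def suspicious_clients(queries, z_threshold=1.0):
    """Clients that issued at least one query scoring above the threshold."""
    scores = dict(score_queries(queries))
    return sorted({client for client, name in queries if scores[name] > z_threshold})


if __name__ == "__main__":
    for name, score in score_queries(DNS_QUERIES):
        print("%6.2f  %s" % (score, name))
    print("clients to review:", suspicious_clients(DNS_QUERIES))
```

The output is a ranked review list, not a verdict: the value of a baseline like this is that the handful of names at the top are the ones worth an analyst's time, and the per-client roll-up points the investigation at the host that generated them.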