OPNids Open-Source Project Lays Foundation for AI Driven Alert Triage
Project’s data science driven approach extends Suricata signature detection in support of incident response and threat hunting
Counterflow AI, a leading threat hunting solutions firm for security operations centers (SOCs), and Deciso, a global security appliance provider and sponsor of the OPNsense security platform project, announced the launch of the OPNids Project. The project is an open source initiative for promoting a data science approach to incident response and threat hunting through the development and deployment of sophisticated machine learning models.
The OPNids Project provides the open source community and SOC analysts around the world the ability to create a flexible security stack built on open source security architecture. This marks the first time that analysts can integrate a machine learning engine (MLE) with the Suricata intrusion detection engine for network inspection of complex threats. Users can immediately download and experiment with the OPNids DragonFly Machine Learning Engine (MLE). The OPNids code is hosted on GitHub, allowing for iterative contributions and improvement by the open source community.
An Intuitive Data Science Driven Approach
The MLE can be installed at the network sensor level, allowing data to be extracted directly from the network. This reduces the complexity of the data pipeline and gives analysts an accelerated pathway to deploy anomaly detection algorithms, threat intelligence lookups, and machine learning predictions.
The result is significant improvement in the incident response and threat hunting processes, as SOC analysts can now reduce false positive alerts and time to detection. The Machine Learning Engine automates alert triage using ML-based analyzers that provide context to validate and prioritize alerts as well as highlight anomalies and potential ‘indicators of compromise’.
“The fusion of cyber security and data science is long overdue. Analysts are overworked, burnt out and bombarded with the sheer number of alerts overwhelming the SOC. Machine learning must be embraced to alleviate this workload and CounterFlow AI is taking the right step forward to bridge the gap of ML for cybersecurity,” said Brennan Lodge, Data Scientist Vice President, Goldman Sachs. “By creating transparency with its open source code the future of defending attacks and making the internet safer is looking brighter for us all with Counterflow AI.”
As an open source security architecture, OPNids is helping to build community and industry trust in machine learning through ‘explainable AI’. The ML-based analyzers can be created and applied at all levels of the data science hierarchy, including counts, statistics and machine learning models. The OPNids Application Programming Interfaces (APIs) can be used to visualize the detail of the ML analyzers and provide deeper context to further educate analysts and build confidence in the indicators.
“As a long-standing member of and contributor to the Suricata community, I recognize the time is now to enhance the scope and reach of Suricata intrusion detection. A data science-driven approach is what the SOC analyst needs to address today’s challenges of being overwhelmed with alerts and having ineffective tools to hunt for unknown zero-day threats,” said Randy Caldejon, CEO and co-founder of Counterflow AI. “Introducing OPNids and the Dragonfly Machine Learning Engine through the open source channel will help encourage trust and adoption of machine learning techniques.”
Introducing OPNids Pro
In addition to the open source community supported download via GitHub, Counterflow AI is unveiling OPNids Pro, a hardware-packaged version with additional technical support. OPNids Pro includes OPNids with the Machine Learning Engine (MLE) application pre-loaded on a 1GB sensor with 1TB of packet cache storage. This version also offers easy integration with a SOC’s existing SIEM solutions including Graylog and Splunk, with additional integrations in the pipeline.
Armed with more analytics and threat insights through OPNids Pro, a SOC analyst can focus their efforts on the highest-risk threats and, using the offering’s packet cache, drill down on the alert-related PCAP data for robust incident response investigations. The Pro offering provides a holistic and enriched environment for a SOC team to perform incident management alert triage and proactive threat hunting.