ONI is an open source, Apache 2.0 licensed cybersecurity project that, according to the company, leverages big data analytics and machine learning to detect advanced threats and provide actionable insights into operational and security threats. It runs on Cloudera Enterprise Data Hub (EDH) and, the company says, can analyze large volumes of events in order to detect unknown threats and insider threats and to give a new level of visibility into the network.
By extending ONI’s open data model into identity with the inclusion of Centrify, the company is allowing users to centralize identity and account credential data and integrate it into cybersecurity applications that leverage ONI. In a company blog, Centrify claims that this will help customers protect themselves from cyber threats by enriching existing security data with information that Centrify captures through its Identity Platform.
How does it work?
Parallel Ingest Framework: The system uses decoders, derived from open source tools and optimized, that decode binary flow and packet data; the decoded data is then loaded into the Hadoop Distributed File System (HDFS) and into data structures inside Hadoop. It is stored in multiple formats so that it is available for searching and can be used for machine learning.
Machine Learning: Uses a combination of Apache Spark and optimized C code to run scalable machine learning algorithms. The machine learning component works not only as a filter for separating bad traffic from benign, but also as a way to characterize the unique behavior of network traffic in an organization.
Operational Analytics: In addition to machine learning, a proven process of context enrichment, noise filtering, whitelisting and heuristics is applied to network data to produce a short list of the patterns most likely to constitute security threats.
Tom Reilly, CEO, Cloudera, said:
Centrify’s participation marks a major milestone for ONI. By adding the ability to integrate information about user identities alongside data about network traffic and endpoints, the project is fulfilling its promise to support a broad range of cybersecurity data sources that can be used to identify advanced threats and cyber attacks.
Reportedly, ONI is also capable of performing deep-packet inspection of domain name system (DNS) traffic to build a profile of probable and improbable DNS payloads. After visualizing, normalizing, and conducting pattern searches, the analyst has a shortlist of the most likely threats present in DNS traffic.
Bill Mann, CPO, Centrify, said:
We are excited to join the ONI community to further expand the underlying open data model to identity-based security. Our approach to cybersecurity needs a rethink, and ONI is an example of that. Community-driven efforts will play a major role in the future of cybersecurity since this project is leveraging machine learning and big data analytics in ways that are addressing risk with speed, efficiency and accuracy.