♪ Straight outta Cisco, crazy app framework called Metron, open-sourced so data’s not crept on ♪
Metron was born out of Cisco’s OpenSOC project in 2014. OpenSOC aimed to provide a scalable security analytics tool based on the Hadoop framework. But where OpenSOC would have consumed and monitored network traffic and machine exhaust data out of data centers, Metron is a framework which can handle any kind of telemetry data.
The project was submitted to the Apache Incubator in December 2015, and its first release, Apache Metron v0.1, debuted in April 2016. As a top-level project, its foundations remain in the Hadoop ecosystem, and it is built atop fellow Apache projects Storm, HBase and Kafka to handle streaming data in real time.
Metron ingests, transforms, and normalises telemetry, including full network packet capture, and the data it takes in can be enriched with additional elements such as geographic location or asset identifiers as it streams by.
“It is abundantly clear that cybersecurity challenges are becoming a bigger part of our reality,” said Casey Stella, veep of Apache Metron. “Solving them effectively and at scale requires an open source, community-oriented approach built upon proven scalable technologies. This is what Metron is about at its core.”
Current users include Australian telco Telstra, which uses it to power its security operation centers in key service hubs.
“Going through the Apache incubation process really illuminated how valuable and important it was to build vibrant and inclusive communities around code. Having infrastructure support from the ASF and active mentors to shepherd us through the hurdles made all the difference in the world,” added Stella.
“The core ideals of openness, community, and transparency are prerequisites for solving cybersecurity challenges. Metron was a great fit in Apache because the ASF shares those core ideals. It really does take a village to solve the really hard problems,” said the veep. ®