The Bro Exchange
Earlier this month, ICSI's Bro team held the first "Bro Exchange:" a meeting aimed at bringing together a large number of Bro users to exchange thoughts and experiences deploying the system. Bro is an open-source network security monitor developed by a team of researchers and engineers at ICSI and NCSA. About 50 Bro users from industry, research labs, and universities attended the event, which was hosted by the National Center for Atmospheric Research in Boulder, Colorado.
At the Exchange, speakers presented several new developments, including Bro's integration into Security Onion, a Linux distribution tailored to security monitoring; a novel user-interface, Brownian, which is currently in development at Carnegie Mellon; and the ICSI-developed Input Framework (Input Framwork .pdf here) for integrating external intelligence dynamically into the system at runtime. Operators from the Lawrence Berkeley National Laboratory and its supercomputing center NERSC discussed their operational Bro deployments, including specifics of a recent high-profile security incident discovered by Bro. Slides and videos from most of the talks will be available soon on the Bro web site.
More About Bro:
Bro provides a comprehensive open-source platform for network security analysis. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception by serving as both a research platform and an operational intrusion detection system. Today, it is used to monitor and secure the cyberinfrastructure at major universities, research labs, supercomputing centers, and open-science communities.
ICSI recently released a beta version of the upcoming Bro version 2.1, and development on the next release cycle is about to begin. Bro has a blog that provides regular updates, and you can follow @Bro_IDS on Twitter. For more information and downloads of the Bro distribution, visit http://www.bro-ids.org/.