Bro Center of Expertise to support cybersecurity operations
10.01.13 - Permalink
The National Science Foundation has awarded a three-year, $3.4 million dollar grant to cybersecurity experts at the International Computer Science Institute (ICSI) and the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign. They will provide training and technology for deploying the Bro network security monitor at NSF-funded sites of all sizes. The project, which establishes the Bro Center of Expertise, will also help members of the research community leverage Bro as a deployment platform for their networking research.
Bro is a widely deployed open-source network monitoring platform maintained by ICSI and NCSA, with support from NSF. It was originally developed by Vern Paxson, who now directs networking and security research at ICSI and who will help lead the center. Today, Bro is used to monitor and secure the network infrastructure at major universities, research labs, supercomputing centers, open-science communities, and Fortune 50 companies.
“For many NSF-supported sites Bro has become key to protecting their cyberinfrastructure,” said Robin Sommer of ICSI’s networking and security group, who, with NCSA’s Adam Slagell, leads the project. “The Center gives these organizations a central point of contact for guidance and best practices, and it enables us to tailor Bro further to the unique needs of the open-science community.”
The new center offers support to NSF-funded sites, from small colleges to large research facilities. A team with backgrounds in research, operations, and engineering will help such institutions install and operate Bro. The team will also develop guidelines that aid the NSF community in creating custom Bro installations.
At the same time, the team will continue to maintain Bro’s open-source code base, and it will extend the system with novel capabilities that cater to the specific needs of open-science networks. Universities and research institutes tend to have more liberal networking policies than commercial organizations do, putting them at greater risk and making it more difficult to find malicious behavior as users are performing a greater variety of tasks on the network. Scientific networks also often face performance challenges when supporting high-performance applications. The team at ICSI and NCSA will be working to improve the effectiveness of Bro in such environments.
A third thrust of the project aims to leverage existing Bro installations to facilitate networking research. Bro’s wide deployment provides researchers with a platform to deploy prototype technology with little risk of disrupting ongoing operations. The team will support researchers in exploiting this potential.
“The cyberinfrastructure used by our scientists and engineers is critical to our nation’s competitiveness. This center will provide the expertise to projects and centers big and small to help protect these resources by reaching out directly to these communities,” said Slagell. “Traditionally, it has been hard for small organizations to get started with Bro, and we will be providing the assistance to get over that inertia of the first deployment.”
The Bro Center is funded by the NSF through grant number ACI-1348077.
The International Computer Science Institute (ICSI) is a leading center for research in computer science and one of the few independent, nonprofit research institutes in the United States. With its unique focus on international collaboration and its affiliation with the University of California at Berkeley, ICSI brings together the most influential U.S. scientists and experts from around the world in areas such as computer networking and security, speech and language processing, algorithms, bioinformatics, computer architecture, computer vision, multimedia analysis, and artificial intelligence. For more information, visit ICSI at www.ICSI.berkeley.edu, follow us at www.twitter.com/ICSIatBerkeley, or read our blog at http://www.ICSI.berkeley.edu/icsi/blog.
The National Center for Supercomputing Applications (NCSA), located at the University of Illinois at Urbana-Champaign, provides computing, data, networking, and visualization resources and services that help scientists and engineers across the country better understand our world. For more information, visit www.ncsa.illinois.edu.
Bro provides a comprehensive open-source platform for network security analysis. Well-grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its initial design by Professor Vern Paxson, serving as both a research platform and an operational intrusion detection system. Today, it is developed at ICSI and NCSA and is used to monitor and secure the cyberinfrastructure at major universities, research labs, supercomputing centers, open-science communities, and enterprises.