Hunt cyber threats with community-driven Apache Spot
What’s more secure than a guard dog? How about an open source machine learning-based project? Apache Spot is hunting down cyber threats and needs contributors.
Meet your new threat-hunting tool and, with it, a new team of security analysts. Apache Spot is a shared open source cybersecurity project built on the idea of strength in numbers. It was developed by Intel and Cloudera and then donated to the Apache Software Foundation, where it is still in the Incubator and currently looking for contributors. Open source collaboration is the heart of Apache Spot’s strength, and here at JAXenter we are quite open about our love affair with open source. (Why compete when you can play co-op?)
From the Apache Spot website it is described as: “…an open source software for leveraging insights from flow and packet analysis. Spot expedites threat detection, investigation, and remediation via machine learning and consolidates all enterprise security data into a comprehensive IT telemetry hub based on open data models.”
What are the advantages of Apache Spot?
One of Apache Spot’s main design goals is that it gets better with feedback: machine learning does the sifting through the proverbial static. It learns the normal communication patterns in the collected flow and DNS data, applies heuristics, and ranks whatever does not fit, surfacing the top suspicious flows, top user threats, top endpoint threats and top network threats for the community to investigate in more detail. The point is not that a model is smarter than an analyst, but that it can score billions of records the same way every time, something nobody can do by hand, so low-frequency patterns that would otherwise be buried in the noise end up at the top of the list. The caveat a practitioner should keep in mind is that an anomaly score is a lead, not a verdict: unusual is not the same as malicious, and the ranked output still has to be triaged. All of the machine learning jobs run simultaneously on a single shared data set, so one copy of the telemetry feeds every analysis. It’s the hyper-sensitive dog that stops and sniffs at every corner, processing every bit of data as it goes along, and it leans on big data tooling such as Hadoop for the serious heavy lifting.
Some key features of Apache Spot:
- Suspicious DNS packets: Apache Spot inspects DNS traffic and flags queries and responses that show suspicious patterns
- Threat Incident and Response: Investigate a specific IP address’s communication patterns and the hosts it talks to
- Suspicious Connects: Machine learning builds models of normal communication patterns and scores every connection against them
- Storyboard: Take a deeper look into suspicious network activity
- Open Data Models: Apache Spot uses an open data model to collect and analyze security telemetry
- Collaboration: Using Hadoop, run analytics on data and share it easily
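To make the “suspicious connects” and “suspicious DNS” ideas above concrete, here is a small added example of the same two-step shape Spot follows: learn what normal looks like from the data itself, then rank what is least likely under that model. This is illustrative code written for this article, not Apache Spot’s own code, and the model is deliberately simple: a smoothed count of (destination, port) pairings per source stands in for the far richer model Spot trains, and the DNS part applies a few plain heuristics (name length, label count, entropy of the leftmost label). The flow records, query names and thresholds are all constructed for the example.

```python
"""Toy anomaly ranking over constructed flow and DNS records.

Added example, not Apache Spot code. Spot ranks connections by how unlikely
they are under a model learned from the traffic; here a smoothed count model
plays that role. The DNS part scores query names with simple heuristics.
"""
from __future__ import annotations

import math
from collections import Counter

# Constructed sample flows: (src_ip, dst_ip, dst_port). Not real traffic.
FLOWS = (
    [("10.0.0.5", "10.0.0.20", 443)] * 40
    + [("10.0.0.5", "10.0.0.21", 53)] * 30
    + [("10.0.0.6", "10.0.0.20", 443)] * 25
    + [("10.0.0.6", "10.0.0.22", 22)] * 4
    + [("10.0.0.5", "203.0.113.77", 4444)]  # one never-before-seen pairing
)

# Constructed sample DNS query names. Not real traffic.
SAMPLE_QUERIES = [
    "www.example.com",
    "mail.example.org",
    "a7k2p9q4m1z8w3v6n5.c2.example.net",      # high-entropy leftmost label
    "c1.d2.e3.f4.g5.h6.tunnel.example.net",   # unusually many labels
]


def score_flows(flows, alpha: float = 0.5):
    """Rank distinct flows from least to most probable.

    P(dst, port | src) is estimated with additive smoothing (alpha) so a
    pairing seen once is heavily penalised but never gets probability zero.
    The returned score is -log P: higher means more suspicious.
    """
    per_src = Counter(src for src, _, _ in flows)
    per_flow = Counter(flows)
    vocab = len({(dst, port) for _, dst, port in flows})
    scored = {}
    for flow, n in per_flow.items():
        src = flow[0]
        p = (n + alpha) / (per_src[src] + alpha * vocab)
        scored[flow] = -math.log(p)
    return sorted(scored.items(), key=lambda kv: kv[1], reverse=True)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character in s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def dns_suspicion(qname: str):
    """Heuristic score for one DNS query name; returns (score, reasons).

    Thresholds (60 chars, 5 labels, 16-char label with entropy > 3.5 bits)
    are illustrative assumptions for this example, not tuned values.
    """
    labels = [lbl for lbl in qname.rstrip(".").split(".") if lbl]
    host = labels[0] if labels else ""
    score, reasons = 0, []
    if len(qname) > 60:
        score += 1
        reasons.append("long name")
    if len(labels) > 5:
        score += 1
        reasons.append("many labels")
    if len(host) >= 16 and shannon_entropy(host) > 3.5:
        score += 2
        reasons.append("high-entropy leftmost label")
    return score, reasons


def rank_queries(queries):
    """Query names ordered from most to least suspicious, with reasons."""
    scored = [(q, *dns_suspicion(q)) for q in queries]
    return sorted(scored, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    print("Top suspicious connects:")
    for (src, dst, port), s in score_flows(FLOWS)[:3]:
        print(f"  {src} -> {dst}:{port}  score={s:.2f}")
    print("Top suspicious DNS names:")
    for q, s, why in rank_queries(SAMPLE_QUERIES):
        if s:
            print(f"  {q}  score={s}  {', '.join(why)}")
```

Run it and the single 203.0.113.77:4444 connection lands at the top of the list, followed by the four rarely used SSH sessions, while the two high-volume pairings sit at the bottom. Note what the output does not tell you: the SSH sessions may be a perfectly legitimate admin, and the high-entropy hostname may be a CDN label. That is exactly why Spot hands its rankings to analysts and a storyboard rather than raising alerts on its own.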
The Apache Spot website also lists some use cases for the project, including networking traffic analytics, threat hunting, and cybersecurity data management.
Apache Spot brings the “good guys” together so they can collaborate and stay one step ahead. The “bad guys” are certainly collaborating, doing their best to find gaps in our defences, so why not even out the competition? Apache Spot is like having a group of like-minded superheroes at your fingertips, making it easy to share security data and analyze threats together. It may well change the landscape of peer-focused cybersecurity, and it can only get better as more people work on it.