The World Cup has implemented VAR – Your Network and Security teams need Bro.

By Marc Sollars

Chief Technology Officer

This is a historic year for the FIFA World Cup: for the first time, VAR (a Video Assistant Referee) has been implemented at the tournament. VAR is there to intervene when officials have made a clear and obvious error in decisions involving goals, penalties, red cards and mistaken identity.

The large number of cameras in the stadium gives the VAR a chance to look at every angle and understand what happened, when it happened, who was involved and who was at fault, in order to make the right decision and take the correct action. This all has to be done in super quick time so as not to disrupt the flow of a match. How things could have been different if Maradona’s “Hand of God” in 1986 had been disallowed! And what if Spain’s two incorrectly disallowed goals in 2002 against South Korea had stood?

Liken this to your network security. What if you had all this information, could look back in super quick time, understand who was involved, what they did and what impact it had, and from there make the right remediation decision and put the right strategy in place?

Well, actually you can! The technology has been around for 20 years; however, it seems to me to be the best-kept secret in IT. Ask most people if they’ve heard of Bro and normally you get an inquisitive answer: “Did you just say Bro? What’s that?”

Well, Bro is an open-source framework that gives you total visibility over your network traffic in real time, and it was initially created in the 1990s. For the first fifteen years of its life, it was seen as an impressive yet difficult solution, best suited for high-performance and critical environments. However, in recent years more organisations are relying on the security-based information that Bro provides for forensics, incident response and threat hunting. Like VAR, it’s used to validate or disprove information from another decision, or to look further into data to find the real culprit.

Think of Bro as a flight data recorder: it sees everything, characterises it and pushes it into your SIEM, creating specific logs for, amongst others, HTTP, DNS, RDP, SMB Files, NTLM and SSL (the list goes on), giving you everything you need to easily find the answers.

Where before this was difficult to achieve, Teneo has partnered with Corelight, the founders of Bro, who’ve created a Network Sensor which takes away both the mystery and pain of deploying Bro.

Organisations use Bro to tackle areas such as gaining visibility into complex networks, seeing into the disappearing boundary between the inside and outside of a network, and tackling evolving threats. With threats becoming more challenging, the powerful Bro data makes it possible to detect and investigate malware infections, DoS attacks and data exfiltration, among others. As so much of an enterprise’s traffic runs over SMB, SMB analysis support has been added to provide analysis of Windows traffic.

Enterprises have discovered after deploying Bro that security incidents can often be resolved with this data alone. When an alert is generated, the incident responders (the VAR) can turn immediately to Bro data for context and understanding. That’s because Bro parses dozens of network protocols, extracts files directly from network traffic, speaks IPv4 and IPv6 natively, and is capable of controlling network devices such as routers and switches. Bro also includes a dedicated programming language for building applications, plus the ability to ingest intelligence feeds and log streams. And this brief description barely scratches the surface. Bro is simply the most flexible and powerful platform for network traffic analysis in the world.

In conclusion, if the beautiful game has adopted this technology to move with the times, you need to as well. Contact me if you’d like a Bro demo.
