OPNids Open-Source Project Lays Foundation for AI Driven Alert Triage

Counterflow AI, a leading threat hunting solutions firm for security operations centers (SOCs), and Deciso, a global security appliance provider and sponsor of the OPNsense security platform project, announced the launch of the OPNids Project. The project is an open source initiative for promoting a data science approach to incident response and threat hunting through the development and deployment of sophisticated machine learning models.

The OPNids Project gives the open source community and SOC analysts around the world the ability to create a flexible security stack built on open source security architecture. This marks the first time that analysts can integrate a machine learning engine (MLE) with the Suricata intrusion detection engine for network inspection of complex threats. Users can immediately download and experiment with the OPNids DragonFly Machine Learning Engine (MLE). The OPNids code is hosted on GitHub, allowing for iterative contributions and improvement by the open source community.

An Intuitive Data Science Driven Approach

The MLE can be installed at the network sensor level, allowing data to be extracted directly from the network. This reduces data pipeline complexity and gives analysts an accelerated pathway to deploy anomaly detection algorithms, threat intelligence lookups, and machine learning predictions.

The result is a significant improvement in the incident response and threat hunting processes, as SOC analysts can now reduce false positive alerts and time to detection. The MLE automates alert triage using ML-based analyzers that provide context to validate and prioritize alerts, as well as highlight anomalies and potential "indicators of compromise."


"The fusion of cyber security and data science is long overdue. Analysts are overworked, burnt out and bombarded with the sheer number of alerts overwhelming the SOC. Machine learning must be embraced to alleviate this workload and CounterFlow AI is taking the right step forward to bridge the gap of ML for cybersecurity," said Brennan Lodge, Data Scientist Vice President, Goldman Sachs. "By creating transparency with its open source code the future of defending attacks and making the internet safer is looking brighter for us all with Counterflow AI."

As an open source security architecture, OPNids is helping to build community and industry trust in machine learning through "explainable AI." The ML-based analyzers can be created and applied at all levels of the data science hierarchy, including counts, statistics and machine learning models. The OPNids Application Programming Interfaces (APIs) can be used to visualize the detail of the ML analyzers and provide deeper context to further educate analysts and build confidence in the indicators.

"As a long-standing member of and contributor to the Suricata community, I recognize the time is now to enhance the scope and reach of Suricata intrusion detection. A data science-driven approach is what the SOC analyst needs to address today's challenges of being overwhelmed with alerts and having ineffective tools to hunt for unknown zero-day threats," said Randy Caldejon, CEO and co-founder of Counterflow AI. "Introducing OPNids and the Dragonfly Machine Learning Engine through the open source channel will help encourage trust and adoption of machine learning techniques."

Introducing OPNids Pro

In addition to the community-supported open source download via GitHub, Counterflow AI is unveiling OPNids Pro, a hardware-packaged version with additional technical support. OPNids Pro includes OPNids with the Machine Learning Engine (MLE) application pre-loaded on a 1GB sensor with 1TB of packet cache storage. This version also offers easy integration with a SOC's existing SIEM solutions, including Graylog and Splunk, with additional integrations in the pipeline.

Armed with more analytics and threat insights through OPNids Pro, a SOC analyst can focus their efforts on the highest-risk threats and, using the offering's packet cache, can drill down into the alert-related PCAP data for robust incident response investigations. The Pro offering provides a holistic and enriched environment for a SOC team to perform incident management, alert triage and proactive threat hunting.

OPNids at SuriCon 2018

OPNids Pro will make its official debut at this year's SuriCon conference, presented by the Open Information Security Foundation (OISF), beginning November 14 in Vancouver, British Columbia, Canada. Counterflow AI CEO and co-founder, Randy Caldejon, will lead a special session entitled "Open Source: Securing Your Network" to discuss the importance of open source technology and formally introduce OPNids. Demos of OPNids Pro will take place throughout the show at the Counterflow AI exhibitor booth.

For more information on OPNids, please visit www.opnids.io

About Counterflow AI

CounterFlow AI builds threat-hunting solutions for world-class security operation centers (SOCs). The company is redefining the art of threat hunting by utilizing machine learning and sensing at the edge of the network to drive targeting operations in real time. CounterFlow AI's flagship product, Dragonfly Threat Sensor, is a cybersecurity platform that integrates signature inspection, machine learning, and adaptive packet capture, enabling security analysts to significantly reduce time to detection and response. To learn more about Counterflow AI, visit www.counterflow.ai/.

About Deciso

Deciso is a highly innovative company that develops network appliances and middleware software. Its field of expertise ranges from open source firewall and UTM technology to telecommunications and business intelligence. The company was founded in 2000 with a strong focus on open source technology. For more information on Deciso, visit www.deciso.com/.

For OPNids inquiries:
W2 Communications
Tony Welz,
[email protected]