With the arrival of big data platforms, security organizations can make data-driven decisions about how they protect their assets. Records of network traffic, captured as network flows, are routinely stored and analyzed for network management; the same records give an organization insight into which channels its corporate information flows through.
By adding context such as the attacks currently prevalent and the protocols that matter most to the organization, the security team can develop a strategy that applies the right amount of per-channel risk mitigation based on the value of the data flowing through that channel. We call this "the port perspective".
There are two vectors that all organizations should evaluate:
A "wide enough, deep enough" protection strategy that combines prevention at the edge with detection of unusual behavior inside the network
Deep inspection of key protocols using methods that scale to the volume of data flowing across each channel
Individual organizations may also need to inspect data flows that are specific to them, but every organization can realize significant risk reduction from analysis of network flows and DNS (Domain Name System) replies.
Apache Spot supports this strategy by combining technology from the big data and scientific computing disciplines. It focuses on "hard security problems": detecting lateral movement, side-channel data escapes, insider issues, and stealthy behavior in general.
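As an added illustration of the strategy above (this is example code written for this page, not Apache Spot's own analytics, which are described in the module documentation), the following Python script applies three explainable checks to constructed flow and DNS records: a per-port summary of who sends how much through each channel (the "port perspective"), a lateral-movement check for internal hosts fanning out to many peers on remote-administration ports, and a DNS check for long, high-entropy query labels of the kind produced by tunneling or data exfiltration over DNS. The sample records, field names, port list, and thresholds are all assumptions made for the example.

```python
"""Added example: simple "port perspective" triage over flow and DNS records.

Illustrative code, not Apache Spot's own analytics. It parses a few
constructed NetFlow-like records and DNS replies and applies three checks:
per-port traffic summary, lateral-movement fan-out, and DNS tunneling
indicators. Field names, ports and thresholds are assumptions for the example.
"""
import csv
import io
import math
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow records (not captured from any real network).
FLOWS_CSV = """ts,src_ip,dst_ip,dst_port,proto,bytes
1,10.0.0.5,10.0.0.20,445,tcp,5120
2,10.0.0.5,10.0.0.21,445,tcp,4800
3,10.0.0.5,10.0.0.22,445,tcp,4900
4,10.0.0.5,10.0.0.23,3389,tcp,20000
5,10.0.0.5,10.0.0.24,445,tcp,5000
6,10.0.0.5,10.0.0.25,445,tcp,5100
7,10.0.0.7,93.184.216.34,443,tcp,150000
8,10.0.0.8,93.184.216.34,443,tcp,120000
9,10.0.0.9,10.0.0.50,53,udp,300
10,10.0.0.9,198.51.100.9,8443,tcp,900
"""

# Constructed sample DNS replies: (client, queried name, answer address).
DNS_REPLIES = [
    ("10.0.0.7", "www.example.com", "93.184.216.34"),
    ("10.0.0.8", "cdn.example.net", "203.0.113.7"),
    ("10.0.0.9", "x4k9q2m7z1p8w3r6t5v0b2n4c6h8j1l3g5d7.t.example", "203.0.113.9"),
    ("10.0.0.9", "m3d8f1h6k2p9s4w7a0c5e2g7i4l9n1q6t3v8.t.example", "203.0.113.9"),
]

INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ports commonly used for remote administration; an assumed list for the example.
LATERAL_PORTS = {22, 135, 445, 3389, 5985, 5986}


def parse_flows(text):
    """Parse CSV flow records into dicts with numeric port and byte counts."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["dst_port"] = int(r["dst_port"])
        r["bytes"] = int(r["bytes"])
    return rows


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def port_perspective(flows):
    """Bytes and distinct sources per destination port, i.e. per channel."""
    acc = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for f in flows:
        acc[f["dst_port"]]["bytes"] += f["bytes"]
        acc[f["dst_port"]]["sources"].add(f["src_ip"])
    return {p: {"bytes": v["bytes"], "sources": len(v["sources"])} for p, v in acc.items()}


def lateral_movement(flows, min_targets=4):
    """Internal sources reaching at least min_targets internal hosts on admin ports."""
    targets = defaultdict(set)
    for f in flows:
        if (f["dst_port"] in LATERAL_PORTS
                and is_internal(f["src_ip"]) and is_internal(f["dst_ip"])):
            targets[f["src_ip"]].add(f["dst_ip"])
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}


def shannon_entropy(s):
    """Bits per character of s; 0.0 for an empty string."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def suspicious_dns(replies, max_label_len=30, min_entropy=3.5):
    """Queries whose first label is long and high-entropy, a DNS tunneling sign."""
    flagged = []
    for client, name, _answer in replies:
        label = name.split(".")[0]
        if len(label) > max_label_len and shannon_entropy(label) >= min_entropy:
            flagged.append((client, name))
    return flagged


def triage(flows_csv=FLOWS_CSV, replies=DNS_REPLIES):
    """Run all three checks and return their results keyed by check name."""
    flows = parse_flows(flows_csv)
    return {
        "ports": port_perspective(flows),
        "lateral": lateral_movement(flows),
        "dns": suspicious_dns(replies),
    }


if __name__ == "__main__":
    for section, result in triage().items():
        print(section, result)
```

The thresholds are deliberately simple so the reasoning is visible: a single workstation opening SMB or RDP to six peers is a fan-out pattern worth a look regardless of byte counts, while the DNS check keys on the label's length and character entropy rather than on any known-bad domain, which is what makes it useful against previously unseen tunnels. In production these heuristics would be baselined per organization from the stored flow history rather than hard-coded.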
Running Demo on Docker
docker run -it -p 8889:8889 apachespot/spot-demo
For the full instructions, visit the spot page on Docker Hub.
To get started with a full installation, follow the installation instructions in the documentation.
Apache Spot functionality is divided into modules; go to each module for its developer documentation:
The central repository for the Apache Spot solution is found here. If you find a bug, have a question, or have something to discuss, please contact us:
Help us improve Apache Spot!
Apache Spot is Apache 2.0 licensed and accepts contributions via GitHub pull requests. Please follow the steps below and join our community.
Apache Spot maintainers use +1 in a comment on the code review to indicate acceptance; at least three "+1" comments from maintainers are required to approve a merge. If you have any questions or concerns, add a comment in your pull request or branch and tag any of the maintainers.
Apache Spot is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.