The Bro Project Renames Bro IDS to Zeek IDS

One of the most powerful cybersecurity tools you have never heard of just got a new name.

The team leading The Bro Project has renamed the project to Zeek. The name change was announced to the open source community attending its annual conference, BroCon 2018, that wrapped up in mid-October.

For about 20 years, the project has championed the Bro IDS framework, which is a very powerful network monitoring tool that can capture hundreds of metadata fields about network connections. This metadata provides unmatched visibility into network traffic to identify behavior anomalies, such as suspicious or even threat activity.

The capabilities that Bro provides are so expansive, it conjures up important privacy discussions in network security monitoring. In fact, the namesake “Bro” stems from Orwellian roots – Big Brother – and the name was intended to serve as a constant reminder to users of the ethical responsibilities that come with the tool.

The Project Introduces Zeek IDS

Unfortunately, the term Bro has taken on new meaning in recent years. The project leadership team said in a blog post about the renaming, that it had “heard clear concerns from the Bro community that the name ‘Bro’ has taken on strongly negative connotations.”

The new name given to the project is Zeek. The designation is derived in part from a “fondness for quirky, pithy names for open-source projects” and inspiration from “Gary Larson’s use of Zeek characters in various ‘The Far Side’ cartoons.”

What is the Bricata Connection to Zeek?

The Zeek IDS is one of three detection engines Bricata embeds in its comprehensive threat protection platform alongside Suricata (also open source) and the Cylance malware conviction engine. Each of these detection tools examine threats in different ways, which in aggregate helps provide the total network security Bricata delivers.

More importantly, it’s not just that Bricata put three different security technologies on a platform – it’s also the way these have been carefully weaved together. For example, Bricata uses the metadata the Zeek IDS generates to enrich the alerts triggered by the other IDS engines. This provides context that helps reduce the volume of false positive alerts. In addition, this metadata is indexed and can be filtered, which enables a security analyst to quickly pivot from alert triage to threat hunting in the Bricata platform.

To that end, we’re obviously big supporters and sponsors of The Zeek Project and the talent that’s blossomed around the technology. Changing names is never easy, especially when there is a loyal and passionate community of users involved. We congratulate the leadership team on navigating a difficult evolution in the history of the project and look forward to supporting future developments and initiatives.

If you’d like to learn more about this topic, here are some of the posts we published before the name changed from Bro to Zeek:

In addition, you’d like to see our product and the capabilities it offers for triaging alerts, contact us for a live demonstration.

If you enjoyed this post, you might also like:
Here’s What Network Threat Hunting Means, Why It Matters, and How to Get Started

Back to Blog


Fast-Growing Network Security Startup Bricata Enlists New Chief Product Officer and Vice President of Sales
Newest Additions to the Leadership Team Adds Decades of Experience in Product Innovation and Sales Strategy
+ +