The build vs. buy debate is a longstanding point of evaluation in open source cybersecurity tools. Recently, we’ve seen the do-it-yourself (DIY) theme reemerge among time-pressed security professionals because they wind up working to keep their open source creations up-to-date – rather than securing the enterprise.
This tends to happen in organizations trying to save money. Often it starts by tasking someone with technical skills, but not necessarily cybersecurity skills, with defending the network. Absent budget and headcount, they set out with good intentions and enthusiasm to search for whatever might get the job done, and typically discover a rich trove of free open source tools.
Technical People Like to Experiment with Tools
Technical professionals like to experiment with new tools, so when they discover powerful tools such as Snort, Suricata or Zeek IDS (formerly known as Bro IDS), their enthusiasm is high. They download the software, stand it up on a server and begin using it.
As with any new tool, they configure it for their unique environment and set out to explore its capabilities. They might change the system policies or write a script that supports specific detection needs. These new developments are often quite good, and they’ll show off their work to friends with pride, at least for a little while.
Network Growth Brings a Burden to Open Source
If there’s one thing that many networks have in common, it’s that they grow. Network growth is good; it means the business is growing, but it also means there is more network that needs to be secured and, in turn, more open source servers to deploy and maintain. Over time, they stand up more and more servers running their favorite open source tool. Inevitably they reach the point at which the network, and the number of open source instances they have deployed to secure it, becomes unwieldy.
Part of the unwieldiness stems from the fact that open source projects publish updated versions just like every other software tool. Adding upgrades and patches to servers is a labor-intensive task – especially when you must push scripts to five or 10 or however many sites that have been instrumented for network monitoring.
What started as a simple DIY cost-savings experiment and learning opportunity transforms into a burden. Instead of spending their time securing their network and detecting threats, the bulk of their job becomes nothing more than managing software on multiple servers in multiple locations. It’s a task they wish they could hand off to someone else. Even worse, some leave their position and only then does their employer discover the value of the institutional knowledge that just walked out the door.
Bricata Makes Open Source Network Security Simple
Delivering high-quality, fully maintained Commercial Off-the-Shelf (COTS) versions of powerful open source network protection tools is one of the things Bricata does well, and it appeals to many of our customers. For example, we’ve integrated Suricata and Zeek on a single platform, and we handle their policy dissemination, management and software upgrades for you. Since all the sensors are tied to a central management console (CMC), you can centrally monitor, manage and maintain every instance you have set up. So, if you too have DIY fatigue, Bricata has the cure.
Bricata provides comprehensive network protection. If you’d like to learn more about how – we’d be glad to show you. Click here to request a demo.