On Tuesday April 12th, we released the first of our multi-part Big Data Cybersecurity Analytics blog series, titled Roots of Apache Metron and authored by the Hortonworks product management and engineering teams, to announce the Apache Metron 0.1 release. Built with the Apache Community, Metron is a next-generation cybersecurity application that detects and responds to Advanced Persistent Threats. Security Operations Centers (SOCs) can receive alerts on suspicious events as a result of filtering, enriching, storing and analyzing telemetry data, or “data in motion” (logs, network, packet capture, etc.). In the HCC article Metron Explained, George Vetticaden, Hortonworks Principal Architect and Cybersecurity Product Manager, discusses the roots of Apache Metron and traces a telemetry event as it flows across the platform. This leads to the following questions, which we will cover here as well as in the HCC article Apache Metron User Personas and Why Metron?.
Bridging the Cybersecurity Talent Gap
In the U.S. alone, companies posted 49,493 jobs requiring Certified Information Systems Security Professional (CISSP) certification last year; however, there are only 65,362 CISSP holders, the majority of whom are already employed (Burning Glass Technologies, Job Market Intelligence: Cybersecurity Jobs 2015). Metron helps organizations discover the true value they can deliver by building capabilities in their people and processes to bridge the talent gap. There are six different security professionals in the SOC who can all benefit from using Metron. Each professional has well-defined responsibilities and different objectives. Metron is built to help the SOC and its people scale with real-time data ingestion, correlated telemetry, an automated incident response process, easier data access and search, vulnerability management, and integration with external threat intel sources. In a later blog we will cover Metron’s SOC maturity model and how organizations progress through its levels toward the analytics and machine learning that big data platforms such as Hadoop and Metron’s security analytics enable.
Apache Metron’s Consumers
Metron targets six user personas.
For a more in depth look at Metron’s user personas, please see the HCC article: Apache Metron User Personas and Why Metron?.
Apache Metron Core Functional Themes
We will now describe the four core functional themes that Metron focuses on. As the community around Metron continues to grow, new features and enhancements will be prioritized across these four themes.
The four core functional themes are the following:
Apache Metron Release 0.1 and its Target Personas and Themes
Over the last four months, the community, led by Hortonworks, has been hard at work on Apache Metron’s first release (Metron 0.1).
Now that we have highlighted the user personas and core themes for Metron, the following diagram depicts where the engineering focus has been for Metron 0.1.
As the diagram above illustrates, the key focus areas for Metron 0.1 are the following:
More Details on HCC
More details on Metron user personas and what those users can do with the platform that they couldn’t do with traditional security tools can be found in the following HCC article: Apache Metron User Personas and Why Metron?.
About the Authors
Bio: George Vetticaden is a Principal Architect at Hortonworks, Senior Product Owner/Manager for Metron/CyberSecurity, and a committer on the Apache Metron project. Over the last four years at Hortonworks, George has spent time in the field with enterprise customers, helping them build big data solutions on top of Hadoop. In his previous role at Hortonworks, George was the Director of Solutions Engineering, where he led a team of 15 Big Data Senior Solution Architects helping large enterprise customers from use case inception, design and architecture through implementation of use cases that monetize data with Hadoop. George graduated from Trinity University with a BA in Computer Science.
(LinkedIn Profile: https://www.linkedin.com/in/georgevetticaden)
Bio: James Sirota is Director of Security Solutions at Hortonworks and a committer on the Apache Metron project. Previously, James was the Chief Data Scientist at Cisco, focused on Big Data security analytics, and spearheaded OpenSOC. His primary expertise is in the design and implementation of Big Data platforms on top of Hadoop, MapReduce, YARN, Storm, Kafka, Elasticsearch and Flume. James holds a Data Science degree and a Master’s in Computer Engineering, and is a licensed information security professional.
(LinkedIn Profile: https://www.linkedin.com/in/jsirota)