Bro: A Flexible Open-Source Platform for Comprehensive Network Security Monitoring

March 19, 2014 (at 5 p.m.) in Attack & Research

Bro is a highly flexible open-source monitoring platform that is today protecting some of the largest networks around, including deployments at major universities, supercomputing centers, U.S. national laboratories, and Fortune 20 enterprises. Bro differs fundamentally from traditional intrusion detection systems, as it is not tied to any single detection approach. Instead, it provides users with a rich domain-specific scripting language suited to expressing complex application-layer analysis tasks on top of a scalable real-time platform. Bro furthermore records extensive high-level logs of a network’s activity, which regularly prove invaluable for forensics and have helped solve countless security incidents. This presentation will introduce Bro’s philosophy and architecture, walk the audience through a range of the system’s capabilities, discuss deployment scenarios, and provide an outlook on Bro’s development roadmap. Learn more about Bro at http://www.bro.org.

Robin Sommer

Robin Sommer is leading the Bro project as a Senior Researcher at the International Computer Science Institute, Berkeley, USA. He is also a member of the cybersecurity team at the Lawrence Berkeley National Laboratory, and he is a co-founder of Broala, a recent startup providing professional Bro services to corporations and government customers. Robin Sommer’s research focuses on network security and privacy, with a particular emphasis on high-performance network monitoring in operational settings. He holds a doctoral degree from TU München, Germany.