Defiance — An Open-Source SIEM Built For “Invisibility”

Mike Curnow
3 min read, May 25, 2020


Image 1

Many cybersecurity professionals who work in a SOC (Security Operations Center) know all too well the choppy seas of SIEM licensing and fees: substantial time goes into securing funding for each renewal cycle, and you don’t always get what you pay for. Currently, big-name platforms are often sought after because of brand awareness, shiny front-end tools, and even the price tag itself. For some reason the mindset of “if it doesn’t have a price then it must not be worth much” is quite prevalent, even in these uncertain times when we could all benefit from free and open-source tools and frameworks. While most of us can argue that a high price does not directly correlate with operational or business value, try selling that to stakeholders and project owners at large enterprises looking to set up their own monitoring and response capabilities. It’s a hard sell sometimes, and only the initiated truly understand the value of agile, low-overhead open-source solutions. While this piece isn’t about the big companies per se, it’s good to set a little context for what follows.

Image 2

SMEs and SMBs suffer from the problem of “I need good security, but I can’t afford it”, and are thus left to settle for lower-tier options that often leave their needs unmet, and in some cases completely demotivate organizations from taking a security monitoring solution seriously. Among the litany of standards and regulations most businesses are expected to comply with, one common thread is the need for solid monitoring. HIPAA, PCI DSS, IEC 62443, and more all have some tenet or requirement covering security monitoring. It’s even the 10th item in the newest iteration of the OWASP Top Ten security risks (A10:2017-Insufficient Logging & Monitoring), which rings quite true when you consider that it takes the average business 197 days to detect a breach. SMBs and SMEs must reckon with this, and you don’t facilitate that by throwing big-ticket tools at these smaller shops and firms.

A new solution is here to meet the needs of smaller organizations that need enterprise-grade SIEM without a heart attack from sticker shock. Meet Defiance, a completely open-source SIEM solution by Defiant Networks, Inc. It boasts a roster of well-known (and some not so well-known) open-source tools in a completely “dockerized” environment, all tuned to work in concert as a true SIEM platform. Out of the box it already includes SOAR and SIRP capabilities, which commercial SIEM platforms typically license separately for exorbitant fees. And if that wasn’t cool enough for you, Defiance is the first ever (and only) SIEM of its kind to secure event/log data ingest from distributed sensors and endpoints by employing HIP (Host Identity Protocol) as the transport-layer defense. Using HIP for this not only lets your SOC go past a “good enough” level of secure ingest, but it is also highly scalable and easy to set up, effectively making the need to create and distribute SSL certs and/or OpenVPN/VPN configs to every sensor or collector a thing of the past.

Image 3

To read up on details of Defiance, visit the GitLab repo:

Below is a video illustrating how simple it is to install.

Defiant Networks, Inc. is a security software solutions group focused on abstracting away the complexities of configuring and managing HIP, and building it into open-source products to bring the power of cloaked networking to anyone, anywhere.

Image Credits

Image 1: https://www.clipart.email/make-a-clipart/?image=10915429

Image 2: https://www.pexels.com/photo/man-showing-distress-3777572/

Image 3: https://user-content.gitlab-static.net/e5291a3e9a1f6f728a1adb80b3b4685f4987ce5c/68747470733a2f2f70617065722d6174746163686d656e74732e64726f70626f782e636f6d2f735f343539453938333732323445354634333834313642423835333031363546303930313233303936334243333144423244344433353238323232463546434444365f313538393136313935363335345f696d6167652e706e67


Mike Curnow

Cybersecurity professional. Absolute Jedi-Master-level expert in SIEM and IT/OT convergence. Entrepreneur, tinkerer, and content creator.