SNAS open source networking project captures BGP telemetry
This week, bloggers look into the open source networking option SNAS, SIEM for enterprises and automating device configurations.
Drew Conry-Murray, writing in Packet Pushers, looked into the Linux Foundation's new open source networking project. Dubbed Streaming Network Analytics System, or SNAS, the open source networking project harnesses open source code to create a collector that captures Border Gateway Protocol telemetry data. Enterprises, service providers or carriers can both capture and analyze routing topology data in real time for monitoring purposes.
Conry-Murray pointed out that SNAS is hardly a new effort. Instead, he said it is a renaming of the OpenBMP project, which was first developed by Cisco and later released under an Eclipse license as an open source networking system. The real-time topology information is aimed at improving visibility and understanding of the state of the network to boost security and performance. Data can be collected using an x86 server and stored in a MySQL database, which is part of the SNAS package. The program parses and sorts data using protocol headings and makes it accessible via APIs.
Read more of Conry-Murray's thoughts on SNAS.
SIEM is a must for enterprises
Jon Oltsik, an analyst with Enterprise Strategy Group Inc. (ESG) in Milford, Mass., examined the changing procurement model for cybersecurity technologies. Oltsik said, ultimately, CISOs will buy from fewer vendors.
According to an ESG survey of 176 cybersecurity professionals, 48% of respondents said security information and event management (SIEM) is very important, and 45% believe it is very important for enterprise security architectures. In total, 90% of respondents indicated that SIEM is a requirement for an enterprise-class security vendor to provide.
According to Oltsik, SIEM is poised to play a very important role in more data-driven cybersecurity tactics, but longer term, it may not be as necessary for a vendor to provide, as integrated security operations and analytics platforms take shape. Vendors will need to meet the challenge of tight integration with SIEM functionalities that extend to other areas of cybersecurity, like network security analytics or user behavioral analytics.
He added that because McAfee and IBM have SIEM platforms, they may be well-positioned to take on the role of enterprise-class security vendors, while Symantec and Trend Micro may have opportunities to target SMBs with integrated security offerings.
Dig deeper into Oltsik's thoughts on SIEM.
Creating device configurations with a template
Ivan Pepelnjak, writing in ipSpace, received a question from a reader who wanted to know more about tools for creating device configurations for hundreds of customer virtual routing and forwarding tables, without relying on Microsoft Excel and an automation tool. According to Pepelnjak, data can be stored in text files like CSV or YAML, a database or an Excel sheet.
However, he added that object-oriented databases are typically best. To easily update data, it may be best to use systems like Excel, Sublime Text or Notepad. A templating tool is the next step, with many engineers using Jinja2.
Pepelnjak weighed in with a suggestion to use a simple Python script to serve as the "glue" to take device-specific data and put it through a template. For more complicated processes, Ansible can help to set global parameters, create groups of devices or set up configurations. "There are the lazy people (like myself) who like to use the tools that are out there, and once I got familiar with YAML/Jinja2/Ansible combo I wouldn't even think about writing my own Python script to get the job done," Pepelnjak wrote.
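A sketch of the "glue" script idea, added here as an example and not taken from Pepelnjak's post: it reads per-VRF rows from CSV, validates every field and renders one stanza per VRF. To run with the standard library alone it uses Python's string.Template in place of Jinja2; the column names, the IOS-style stanza and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re
from string import Template

# Constructed sample data: one row per customer VRF (all values are made up).
SAMPLE_CSV = """name,rd,rt,description
CUST-A,65000:101,65000:101,Customer A
CUST-B,65000:102,65000:102,Customer B
"""

# Per-VRF stanza in generic IOS-style syntax; the field names are assumptions.
VRF_TEMPLATE = Template(
    "vrf definition $name\n"
    " description $description\n"
    " rd $rd\n"
    " route-target export $rt\n"
    " route-target import $rt\n"
    "!\n"
)

# Strict per-field patterns: anything else (newlines included) is rejected, so a
# spreadsheet cell can never smuggle an extra command into the rendered config.
FIELD_RULES = {
    "name": re.compile(r"[A-Za-z0-9_-]{1,32}"),
    "rd": re.compile(r"\d{1,10}:\d{1,10}"),
    "rt": re.compile(r"\d{1,10}:\d{1,10}"),
    "description": re.compile(r"[A-Za-z0-9 ._-]{1,80}"),
}


def render_vrfs(csv_text):
    """Validate every row, then render one stanza per VRF."""
    seen, stanzas = set(), []
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=1):
        for field, rule in FIELD_RULES.items():
            value = row.get(field) or ""
            if not rule.fullmatch(value):
                raise ValueError(f"row {n}: bad {field!r}: {value!r}")
        if row["name"] in seen or row["rd"] in seen:
            raise ValueError(f"row {n}: duplicate VRF name or RD")
        seen.update((row["name"], row["rd"]))
        # substitute() raises KeyError on a missing placeholder instead of
        # silently emitting an incomplete stanza.
        stanzas.append(VRF_TEMPLATE.substitute(row))
    return "".join(stanzas)


if __name__ == "__main__":
    print(render_vrfs(SAMPLE_CSV))
```

Rejecting bad rows before rendering means a malformed or duplicated entry stops the run instead of producing a configuration that is then pushed to hundreds of VRFs.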
Explore more of Pepelnjak's thoughts on how to best keep track of device configurations.