Start-up morphs open-source security system for research networks into commercial platform

A start-up named Broala has been formed to expand the open-source intrusion detection system known simply as Bro that has been used in high-speed research networks for about two decades.

The Bro IDS has been used for security monitoring in high-speed networks, notably by the Energy Sciences Network (ESnet), which has deployed it for about 15 years to monitor and protect its own network. The founders of Berkeley, Calif.-based Broala say they intend to maintain Bro's open-source heritage but also to expand this core open-source code to include newer applications.

"There are hundreds of potential applications for this programming language," says Liam Randall, managing partner at Broala, co-founded with key open-source Bro developer Vern Paxson as chief scientist, Robin Sommer as director of R&D, and Seth Hall as director of engineering.

Randall says examples of what could be done further with Bro include possibly building a data-loss prevention system that might be combined with the Bro IDS or other various appliances. There's a growing demand for professional services related to Bro, and Broala as a start-up could provide customer support, he points out.

Randall said Bro development has been funded by grants from the National Science Foundation. But the establishment of privately held Broala (which publicly reports no venture capital funding yet) is a step to further modernize Bro in a more commercial setting where demand has been building. Randall estimated that there may be as many as 10,000 organizations in both the government and private sector that use the open-source Bro IDS today.

One of the best-known Bro IDS deployments has been at ESnet. Greg Bell, scientific networking division director of ESnet, says the high-speed network supports 100Gbps speeds between 40 main Department of Energy (DoE) labs and other sites. Because ESnet was designed as a high-performance network for use by the national laboratories, such as Lawrence Berkeley National Laboratory, it has been optimized for large-scale data transfers that scientists might require, with a single data flow reaching 10Gbps.

The Bro IDS supports high speeds effectively, according to Bell, who adds it has proven to be a flexible security tool to monitor ESnet via its use on a LAN. He adds Bro isn't used in-line to block suspected attacks but can be configured to take specific actions, such as communicating with a border router to block certain traffic.

Bro, running on FreeBSD as freely downloadable code, now has IPv6 support, Bell says. Like any IDS, it has a "learning curve" and may generate a false alert, he points out. He says the establishment of the start-up Broala appears to be a positive sign for the future of the Bro IDS.

Bro's inventor is said to be Broala's chief scientist Vern Paxson, who's also professor of networking and security at the University of California, Berkeley, and director of networking and security research at the International Computer Science Institute in Berkeley.

The establishment of Broala to provide commercial support for open-source Bro bears some comparison to how the inventor of the open-source Snort IDS, Martin Roesch, founded Sourcefire in 2001 to commercialize the open-source Snort IDS he had come up with in 1998.

Randall acknowledged there's some comparison to be made between the two open-source IDSes, Bro and Snort, but says there are at least as many differences. Independent studies have examined that topic, such as the one written by Pritika Mehra in the "International Journal of Advanced Research in Computer and Communications Engineering" last August, which concluded that Bro, less known in general, is more adapted to very high speeds than Snort but may be somewhat harder to set up.

Broala's managing director Randall says there's growing use of the open-source Bro IDS, which has strong protocol analysis features, in the corporate world. But he promised the Bro IDS under BSD license will remain open source. "It's free for any use," he says.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE.