NSF Funds Zeek Center of Expertise to Support Cybersecurity Operations in Research and Education

Adam Slagell and Robin Sommer
From left, NCSA's Adam Slagell and ICSI's Robin Sommer, who will direct the new center.

BERKELEY, Calif., October 1, 2013 – The National Science Foundation has awarded a three-year, $3.4 million grant to cybersecurity experts at the ICSI and the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign. They will provide training and technology for deploying the Zeek network security monitor at NSF-funded sites of all sizes. The project, which establishes the Zeek Center of Expertise, will also help members of the research community leverage Zeek as a deployment platform for their networking research.

Zeek is a widely deployed open-source network monitoring platform maintained by ICSI and NCSA, with support from NSF. It was originally developed by Professor Vern Paxson, who now directs networking and security research at ICSI and who will help lead the center. Today, Zeek is used to monitor and secure the network infrastructure at major universities, research labs, supercomputing centers, open-science communities, and Fortune 50 companies.

"For many NSF-supported sites Zeek has become key to protecting their cyberinfrastructure,” said Robin Sommer of ICSI’s networking and security group, who, with NCSA’s Adam Slagell, leads the project. “The Center gives these organizations a central point of contact for guidance and best practices, and it enables us to tailor Zeek further to the unique needs of the open-science community."

The new center offers support to NSF-funded sites, from small colleges to large research facilities. A team with backgrounds in research, operations, and engineering will help such institutions install and operate Zeek. The team will also develop guidelines that aid the NSF community in creating custom Zeek installations.

At the same time, the team will continue to maintain Zeek's open-source code base, and it will extend the system with novel capabilities that cater to the specific needs of open-science networks. Universities and research institutes tend to have more liberal networking policies than commercial organizations do, putting them at greater risk and making it more difficult to find malicious behavior as users are performing a greater variety of tasks on the network. Scientific networks also often face performance challenges when supporting high-performance applications. The team at ICSI and NCSA will be working to improve the effectiveness of Zeek in such environments.

A third thrust of the project aims to leverage existing Zeek installations to facilitate networking research. Zeek's wide deployment provides researchers with a platform to deploy prototype technology with little risk of disrupting ongoing operations. The team will support researchers in exploiting this potential.

"The cyberinfrastructure used by our scientists and engineers is critical to our nation's competitiveness. This center will provide the expertise to projects and centers big and small to help protect these resources by reaching out directly to these communities,” said Slagell. “Traditionally, it has been hard for small organizations to get started with Zeek, and we will be providing the assistance to get over that inertia of the first deployment."

The Zeek Center is funded by the NSF through grant number ACI-1348077.

 

About ICSI

The International Computer Science Institute (ICSI) is a leading center for research in computer science and one of the few independent, nonprofit research institutes in the United States. With its unique focus on international collaboration and its affiliation with the University of California at Berkeley, ICSI brings together the most influential U.S. scientists and experts from around the world in areas such as computer networking and security, speech and language processing, algorithms, bioinformatics, computer architecture, computer vision, multimedia analysis, and artificial intelligence. For more information, visit ICSI at www.ICSI.berkeley.edu, follow us at www.twitter.com/ICSIatBerkeley, or read our blog at http://www.ICSI.berkeley.edu/icsi/blog.

About NCSA

The National Center for Supercomputing Applications (NCSA), located at the University of Illinois at Urbana-Champaign, provides computing, data, networking, and visualization resources and services that help scientists and engineers across the country better understand our world. For more information, visit www.ncsa.illinois.edu.

About Zeek

Zeek provides a comprehensive open-source platform for network security analysis. Well-grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its initial design by Professor Vern Paxson, serving as both a research platform and an operational intrusion detection system. Today, it is developed at ICSI and NCSA and is used to monitor and secure the cyberinfrastructure at major universities, research labs, supercomputing centers, open-science communities, and enterprises. For more information, visit https://zeek.org/.

This article was updated to reflect the project name change from Bro to Zeek & link to the correct project URL.