MozDef - Mozilla's Self Defence Kit
MozDef - Mozilla's Self Defence Kit
Written by Alex Denham   
Monday, 24 March 2014

Mozilla is working on a defense platform to automate the handling of security incidents, and to enable the use of incident handlers. Why not create tools for defence - the attackers have plenty!?

The Mozilla Defense Platform (MozDef) is still at the early proof of concept stage, according to the documentation, but you can check it out in its current form on GitHub.

The announcement about it in the Readme on Github says that “the inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time.” In contrast, defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

mozillasecurity

 

When it is finalized, MozDef will provide a more automated platform. The goals of the team working on MozDef are that it will allow defenders to rapidly discover and respond to security incidents, and will also automate interfaces to other systems like bunker, banhammer, and mig. Incident handlers will be able to use it for real-time collaboration, and for repeatable, predictable processes for incident handling. The platform is designed to go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation.

In order to do this it will provide traditional SIEM functionality including:

  • Accepting events/logs from your systems
  • Storing the events/logs
  • Facilitating searches
  • Facilitating alerting
  • Facilitating log management (archiving,restoration)

 

In technical terms, input will be in JSON format, and you’ll have open access to your data. It will integrate with a variety of log shippers including heka, logstash, beaver, nxlog and any shipper that can send JSON to either rabbit-mq or an HTTP endpoint.

The developers plan to provide easy python plugins to manipulate your data in transit, and to give real-time access to teams of incident responders to allow each other to see their work simultaneously.

This is a good idea. Why not weaponize the defence in response to the attack? The only question is will this be another Mozilla project that fades way and does it go far enough?

 

mozillasecurity

 

More Information

MozDef documentation

MozDef on GitHub

Related Articles

Record Payouts At Hacking Contests

Is Exploiting A Bug Hacking?

The Computer Science of Insecurity

Cyber Attacks and Holidays

 

To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, FacebookGoogle+ or Linkedin,  or sign up for our weekly newsletter.

 

 
 

 

blog comments powered by Disqus

 

Banner


Detecting When A Neural Network Is Being Fooled
08/03/2017

Adversarial images are the biggest unsolved problem in AI at the moment and progress is being made but for all the wrong reasons. Now we have some progress on detecting when an image has been speciall [ ... ]



Google Now Helps You Search For || And More
08/03/2017

There are some things that you have more trouble searching for than others. Any programming notation generally causes big problems. Now Google has done something about it - the only question is why &n [ ... ]


More News

Last Updated ( Tuesday, 25 March 2014 )
 
 

   
Banner
Banner
RSS feed of news items only
I Programmer News
Copyright © 2017 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.