Award Abstract # 1348077
A Bro Center of Expertise for the NSF Community

NSF Org: OAC
Office of Advanced Cyberinfrastructure (OAC)
Recipient: INTERNATIONAL COMPUTER SCIENCE INSTITUTE
Initial Amendment Date: September 12, 2013
Latest Amendment Date: July 8, 2019
Award Number: 1348077
Award Instrument: Standard Grant
Program Manager: Rob Beverly
OAC
 Office of Advanced Cyberinfrastructure (OAC)
CSE
 Directorate for Computer and Information Science and Engineering
Start Date: October 1, 2013
End Date: September 30, 2019 (Estimated)
Total Intended Award Amount: $3,360,092.00
Total Awarded Amount to Date: $3,790,019.00
Funds Obligated to Date: FY 2013 = $3,360,092.00
FY 2016 = $429,927.00
History of Investigator:
  • Johanna Amann (Principal Investigator)
    johanna@icir.org
  • Robin Sommer (Former Principal Investigator)
  • Vern Paxson (Former Co-Principal Investigator)
  • Adam Slagell (Former Co-Principal Investigator)
Recipient Sponsored Research Office: International Computer Science Institute
2150 SHATTUCK AVE
BERKELEY
CA  US  94704-1345
(510)666-2900
Sponsor Congressional District: 12
Primary Place of Performance: International Computer Science Institute
1947 Center St STE 600
Berkeley
CA  US  94704-1198
Primary Place of Performance Congressional District: 12
Unique Entity Identifier (UEI): GSRMP1QCXU74
Parent UEI:
NSF Program(s): Cybersecurity Innovation
Primary Program Source: 01001314DB NSF RESEARCH & RELATED ACTIVIT
01001617DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7433, 7434
Program Element Code(s): 802700
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Bro is an open source network security monitor (NSM) utilized by many NSF communities nationwide to protect their cyberinfrastructure. This project establishes a Bro Center of Expertise as a central point of contact for these communities to leverage Bro technology and expertise. The activity reaches out to smaller NSF projects and communities, helping them to use Bro in the most cost-effective and sustainable way to protect their infrastructures.

This activity promotes Bro as a comprehensive, low-cost security capability for these communities, providing guidance and support on all aspects of a Bro installation. The project devises reference scenarios for deployment and integration, and develops novel technical capabilities that cater to NSF environments. The project supports existing Bro users in optimizing and extending their setups, and makes Bro's capabilities available to new sites and projects that lack the resources to deploy Bro effectively on their own. At a technical level, the project is the focal point of Bro's open-source development, maintaining its code base and documentation. To the research community, the project acts as a facilitator for transitioning networking research results into practice by leveraging Bro as a deployment platform.

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

Zeek (previously known as Bro) is a Network Security Monitoring system that is widely used by educational institutions and by industry to secure their networks.

The goal of this project was to establish a Center of Expertise as the central point of contact for members of the NSF community. The objective of the Center was to support NSF institutions in their use of Zeek and to extend Zeek in ways that are useful for NSF-funded institutions.

The project achieved a lot of milestones during its 6 years of existence. During this time, we organized four workshops as well as seven conferences. In total, these events had more than 1,400 attendees from more than 600 different organizations. We also helped more than 20 NSF institutions with specific Zeek problems, questions about Zeek, or with their extension needs.

Under the supervision of the Center, the project evolved substantially in the last 6 years:

  • We released 6 major versions of Zeek, as well as a multitude of small bugfix releases.
  • We changed the name of the project from Bro to Zeek.
  • We established a package ecosystem for Zeek that today features more than 120 different packages; these packages can be easily installed via a package manager that was created by the project.
  • We shifted our services away from self-hosted systems. Our code and issue tracker is hosted by GitHub. This makes it easier for members of the community to report problems and to contribute to the project.


The Center also significantly increased the feature set of Zeek. Highlights include:

  • We re-architected the communication system used by Zeek for internal data exchange.
  • We developed the NetControl framework that allows Zeek to control Software Defined Network (SDN) hardware.
  • We introduced a plugin infrastructure that allows external developers to extend Zeek functionality; this is often used by Zeek packages.
  • As mentioned above we introduced the Zeek package manager.
  • We refactored ZeekControl, the Zeek management interface.
  • We added protocol and file analyzers for, e.g., MySQL, Kerberos, RDP, and SIP and overhauled other analyzers.
  • We significantly extended TLS support.


Since the beginning of this project we have seen the interest in Zeek continue to increase significantly with a large number of organizations now considering Zeek monitoring a key part of their security processes. During the lifetime of the project, the way in which Zeek is developed also shifted significantly. In 2013, this project was the main source of development work for Zeek. In the last years development has slowly been taken over by commercial entities which now are sponsoring nearly all development work for Zeek. This development secures ongoing development on Zeek - and its ongoing availability for members of the NSF.


Last Modified: 01/29/2020
Modified by: Johanna Amann

Please report errors in award information by writing to: awardsearch@nsf.gov.
