Wednesday, June 26, 2013

Meet Broala, LLC

Today we're delighted to introduce a new venture that we've been preparing in the background for a little while already: the International Computer Science Institute (ICSI) is spinning off a company, Broala, that provides professional Bro services to organizations looking for an alternative beyond what the resources of the non-profit grant-funded Bro team can provide. Founded by core members of the Bro project, Broala offers strategic consulting on Bro installation, deployment, and customization, as well as individualized training and contract development. For more information, please read the full press release, then head over to

We would like to emphasize that the whole Bro team remains fully committed to our core principles that have served us so well for many years. Bro will always remain open-source under the BSD license, and ICSI will keep providing the project with a home; we'll maintain and extend the system just as we have been doing in the past, and we'll stay true to our research roots.  Broala is adding something new on top of what we have, it's not taking anything away from the amazing community that has developed around Bro over the years. Indeed, we aim for Broala's success to help ensure Bro's long-term viability as an open-source project.  With that, please welcome Broala as a new member of the Bro community. We're looking forward to exciting times ahead!

The Bro Team

Tuesday, June 25, 2013

New Research Grant On Security of Industrial Control Systems

We're excited to announce a new research grant on Semantic Security Monitoring for Industrial Control Systems that the National Science Foundation has awarded to a team of researchers at the International Computer Science Institute (ICSI),  the National Center for Supercomputing Applications (NCSA), and the University of Illinois. We plan to eventually integrate the technology developed for this effort into Bro's open-source distribution.

Industrial control systems differ significantly from standard, general-purpose computing environments, and they face quite different security challenges. With physical "air gaps" now the exception, our critical infrastructure has become vulnerable to a broad range of potential attackers. In this project we will develop novel network monitoring approaches that can detect sophisticated semantic attacks: malicious actions that drive a process into an unsafe state without however exhibiting any obvious protocol-level red flags. In one thrust, we will conduct a measurement-centric study of ICS network activity, aimed at developing a deep understanding of operational semantics in terms of actors, workloads, dependencies, and state changes over time. In a second thrust, we will develop domain-specific behavior models that abstract from low-level protocol activity to their semantic meaning according to the current state of the processes under control. Our goal is to integrate these models into operationally viable, real-time network monitoring that reports unexpected deviations as indicators of attacks or malfunction. A separate "Transition to Practice" phase will advance our research results into deployment-ready technology by integrating it into Bro.

Wednesday, June 5, 2013

Announcing Bro Exchange 2013 and Requesting Talks

I’m happy to announce the Bro Exchange for 2013 is a go! Our Bro Exchanges aim
to get a large number Bro users together into the same room to share
experiences and talk about how everyone is using Bro. This time, we’ll also add
in a bit of training similar to past Bro Workshops. We’re a little light on
specifics for the program still, but we’ll do more notifications as we pull it
program together.

The dates are going to be August 6th-8th and we will be back at the awesome
facilities offered by NCSA (National Center for Supercomputing Applications) in
Urbana, Illinois. For more information about what goes on at NCSA, you can
refer to their website:

If we are going to run another successful event this year we’ll need your help.
Submit talks to us if you have something to say. Show how you use Bro and how
it fits into your local processes. Let everyone else in the community benefit
from your experimentation! Send email to us at to submit a talk.
We’re going to set a deadline on June 30th for talk submissions so get them in
quickly and feel free to let us know if you have an idea for a talk but you
aren’t sure if it’s presentable. We’d gladly discuss it with you.

I’m really excited and looking forward to getting together with the Bro
community again this year!

Head over to our Bro Exchange website for more information and the link to our
registration site:

Help Us Demonstrate Bro's Impact: Deployment Survey

[Update: The survey is now closed.]

In 2010, the Bro Team received a grant from the National Science Foundation (NSF) to advance the state of the system, with a particular focus on making Bro more easy to deploy. Much of the work on Bro 2.x has been (and still is) funded out of this grant. We'd like to demonstrate to NSF that their support has made a real difference and have prepared a short survey aimed at better understanding today's state of Bro deployments. If you're running Bro on your organisation's network, please take a few minutes to fill it out (it's anonymous and really short!):

Link to Bro Deployment Survey

Many thanks in advance, a strong response may help us secure future funding to continue the current work.