IBM’s research department has announced that SysFlow, a toolkit for combating vulnerabilities in cloud environments, is now available as an open-source kit.
SysFlow is meant to simplify searching through monitoring data to find out where something is happening, which remains a real challenge for today’s security tools. According to the researchers, watching every individual file creates a great deal of noise, making it hard to actually detect a leak.
Instead of examining every file individually, SysFlow focuses on high-priority data. It still tracks everything else in the background, but it summarises that activity into behavioural patterns so that the volume of data does not overwhelm the analyst.
Improvements over existing tools
IBM researchers Frederico Araujo and Teryl Taylor described SysFlow’s advantage over existing tools in the release announcement.
“While state-of-the-art monitoring tools would only capture streams of disconnected events, SysFlow can connect the entities of each attack step on the system. For example, the highlighted SysFlow trace maps precisely the steps of the attack kill chain: the node.js process is hijacked, and then converses with a remote malware server on port 2345 to download and execute a malicious script,” the researchers explained.
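To make the entity-linking idea concrete, here is an added illustration (not IBM’s code and not SysFlow’s real record schema) that groups constructed, simplified per-process flow records and links the connect, download and execute steps the researchers describe into one chain; the field names, the sample records and the detection rule are assumptions.

```python
"""Correlate per-process flow records into the download-and-execute chain
described in the article (added illustration, not SysFlow's own code)."""
from collections import defaultdict

# Constructed sample records, loosely modelled on the flow idea in the article:
# one summary record per (process, resource) interaction instead of one per
# syscall. Field names and values are assumptions, not SysFlow's real schema.
RECORDS = [
    {"ts": 1, "pid": 1001, "exe": "/usr/bin/node", "type": "PROC", "op": "EXEC",
     "path": "/usr/bin/node"},
    {"ts": 2, "pid": 1001, "exe": "/usr/bin/node", "type": "NET", "op": "CONNECT",
     "dip": "203.0.113.7", "dport": 2345, "rbytes": 4096},
    {"ts": 3, "pid": 1001, "exe": "/usr/bin/node", "type": "FILE", "op": "WRITE",
     "path": "/tmp/x.sh", "wbytes": 4096},
    {"ts": 4, "pid": 1001, "exe": "/usr/bin/node", "type": "PROC", "op": "EXEC",
     "path": "/tmp/x.sh"},
    # Benign: curl fetching something over HTTPS, no file written, no exec.
    {"ts": 5, "pid": 2002, "exe": "/usr/bin/curl", "type": "NET", "op": "CONNECT",
     "dip": "198.51.100.9", "dport": 443, "rbytes": 100},
]


def find_download_exec_chains(records):
    """Return one dict per process that connected out, then wrote a file, then
    executed that same file, in that time order. Records are grouped by pid so
    the three steps are tied to one entity instead of left as loose events."""
    by_pid = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        by_pid[r["pid"]].append(r)

    chains = []
    for pid, recs in by_pid.items():
        connects = [r for r in recs if r["type"] == "NET" and r["op"] == "CONNECT"]
        writes = [r for r in recs if r["type"] == "FILE" and r["op"] == "WRITE"]
        for w in writes:
            earlier_net = [n for n in connects if n["ts"] < w["ts"]]
            later_exec = [e for e in recs if e["type"] == "PROC" and e["op"] == "EXEC"
                          and e["path"] == w["path"] and e["ts"] > w["ts"]]
            if earlier_net and later_exec:
                n = earlier_net[-1]  # the connection just before the file drop
                chains.append({
                    "pid": pid,
                    "exe": recs[0]["exe"],
                    "remote": f"{n['dip']}:{n['dport']}",
                    "dropped": w["path"],
                    "executed_at": later_exec[0]["ts"],
                })
    return chains
```

Run `find_download_exec_chains(RECORDS)` to get the single linked chain for the node process; the unrelated curl connection produces no chain because it never writes or executes a file.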
In addition, SysFlow is said to be more economical in the hardware capacity it requires. Because data is handled more efficiently, this would make a ‘considerable’ difference, according to IBM.
Finally, the toolkit comes with other useful features. Standard response scenarios for an attack can be set up, and the toolkit can also detect that certain data (the example given is financial documents turning up in the wrong place) needs to be moved to a different location.