The Department of Homeland Security and the Bureau of Reclamation, together with Battelle Energy Alliance, are releasing an easily deployable network traffic analysis tool suite. Named Malcolm, the software platform is an open source solution that gives IT network administrators and industrial control system owners greater visibility into their network traffic and improves their ability to detect abnormal system behavior.
Although all of the tools that make up Malcolm are open source and in general use, Malcolm provides an interconnected framework that makes it greater than the sum of its parts. Malcolm’s easy, flexible deployment and robust combination of tools fill a void in the network security space and make advanced network traffic analysis accessible to many in both the public and private sectors, as well as to individual enthusiasts. Malcolm will continue to be developed and improved with a focus on providing visibility into the security of personal, enterprise, and industrial control system networks.
Malcolm was developed with DHS and Reclamation funding at the Idaho National Laboratory. It leverages open source network analysis and data management tools including Moloch (https://molo.ch), Zeek (formerly Bro; https://www.zeek.org), CyberChef (https://github.com/gchq/CyberChef), the Elastic Stack (https://www.elastic.co/products) and Docker (https://www.docker.com) to name a few.
The files required to build and run Malcolm are available at the Idaho National Lab’s GitHub page at https://github.com/idaholab/malcolm.
Malcolm’s source code is released under the terms of a permissive open source software license.