Built by big-data veterans, redborder fuses Suricata IDS, NetFlow, PCAP and log analytics into a single, horizontally scalable platform. Its distributed collectors funnel petabytes of traffic into a Spark-based core where AI models spot anomalies and enrich events with threat-intelligence context. Whether you're an MSSP juggling dozens of tenants or an enterprise securing multi-cloud traffic, redborder keeps mean time to detect measured in seconds, not hours.
Redborder NDR
Redborder is the open-sourced, scale-out love-child of NDR, NGIPS and SIEM, sprinkled with threat intel and a dash of LLM wizardry. Appliance, on-premise or cloud format: you decide.
Traditional perimeter kit still thinks the bad guys turn up at the front gate wearing balaclavas. Reality check: most modern attacks slide straight past edge firewalls, then pivot, beacon and exfiltrate at leisure. You need continuous, inside‑the‑wire visibility, plus the ability to stamp on nasties fast. That’s the whole reason the NDR category exists.

So what is Redborder?
Open‑source, big‑data NDR platform: manager, sensors and apps released under AGPL/GPL licences and living on GitHub. You can inspect the code, contribute, or fork it for that skunk‑works project.
Modular sensors for flows (NetFlow/sFlow/IPFIX), full‑fat IDS/IPS (Snort 3/Suricata), Wi‑Fi telemetry and even hardware SNMP probes.
Horizontally‑scalable data lake built on Kafka + Druid. It’ll munch “millions of events per second” and still have room for pudding.
Correlation & AI engine that enriches events with threat‑intel feeds and then lets an embedded LLM write incident titles/descriptions for your SOC tickets. Yes, seriously.
Redborder LIVE SaaS flavour if you can’t be bothered racking servers, plus on‑prem ISO/VM images for the control‑freaks among us.
Key Capabilities
Scalable NDR: linear performance growth as you add nodes.
Behaviour Analytics: UEBA and ML models tuned for insider threats.
Integrated SOAR Hooks: push playbooks to Cortex XSOAR, TheHive or Slack.
Open API and UI Theming: white-label ready for service providers.
Redborder twist | Why it matters | How it contrasts
Proper open-source codebase (AGPL/GPL on GitHub) | You can audit, extend or fork it; no black-box voodoo. | Most NDRs are fully proprietary (and priced accordingly).
All-in-one NDR + NGIPS + SIEM + Flow + Wi-Fi + HW monitoring | One console, fewer invoices, no swivel-chair syndrome. | Most NDR vendors sell separate IPS/SIEM add-ons.
Scale-out on commodity x86; multi-tenant friendly | Add cheap nodes when traffic grows; perfect for MSPs. | Appliance players make you forklift-upgrade every few years.
Built-in Wi-Fi location analytics (Aruba ALE / Cisco MSE hooks) | Puts physical context (foot-fall, rogue APs) into network alerts. | Rivals stay strictly L2/L3 and ignore 802.11 telemetry.
Kafka + Apache Druid big-data backbone | Munches millions of events per second and still answers in real time. | Many competitors rely on slower, proprietary datastores.
Redborder Introduction
FAQs
What’s the license model?
Fully open-source core with optional paid support & UI modules.
Can I deploy in Kubernetes?
Yes, Helm charts and Terraform blueprints ship out of the box.
Does it replace my SIEM?
Keep your SIEM; redborder enriches and forwards correlated alerts to cut log ingestion bills.