Bro/Zeek Network Security Monitor

Project Summary

Vern Paxson developed the initial version of the Bro Network Security Monitor initial version in 1995 while at Lawrence Berkeley National Laboratory. The original software was called “Bro” as an “Orwellian reminder that monitoring comes hand in hand with the potential for privacy violations.” Bro changed its name to Zeek and has also been commercialized in a spinoff called Corelight.

LBNL first deployed Zeek in 1996, and the USENIX Security Symposium published Vern’s original paper on Zeek in 1998, and awarded it the Best Paper Award that year He published a refined version of the paper in

The canonical reference for Bro/Zeek is the 1999 ``Bro: A System for Detecting Network Intruders in Real-Time.''

More Information:

Vern Paxson
Zeek (open source)
Corelight (commercial spinoff)

More information is available on other Berkeley Lab R&D projects focusing on cybersecurity in general, as well as specifically on cybersecurity for scientific and high-performance computing.