Today, I am incredibly excited to announce that I left my job to work on nzyme full-time. Working as the founder and CTO of Graylog for almost ten years and helping it grow to more than 125 full-time employees, I have learned a lot.
The future of nzyme
You can expect many more blog posts with development updates, but, in summary, I am taking the existing WiFi-focused core of nzyme and am extending it to support Ethernet data. Along with this huge addition, I am adding critical features like multi-node support and a proper authentication model.
The new nzyme will bring deep visibility into your networks and deliver on a promise that intrusion detection systems fail to provide today—a combination of automated detection paired with top-class instruments for human operators. On top of that, nzyme forwards parsed and enriched network data to other solutions that can provide additional alerting and insights.
Nzyme will stay free and open, with no change to licensing.
What is coming in nzyme v2.0?
The most notable changes and new features in nzyme v2.0 include:
- Ethernet traffic analytics for a modern world in which most traffic is encrypted
- Out-of-the-box detection rules for Ethernet and WiFi
- Multi-node architecture support
- A dedicated
nzyme-tap
program that reads Ethernet data or WiFi frames to feed into the nzyme cluster - New web interface
- Authorization and authentication model
- Centrally managed and flexible PCAP (full packet capture) on the tap nodes
- Cost-effective, low-maintenance, long-term storage, search and analytics of recorded network metadata
- Highly flexible forwarding that provides a near-real-time feed of parsed and enriched network data to other solutions like log-management systems
Follow the project on social media and join the Discord to stay up to date with progress. Of course there is an RSS feed, too.