The platform

Simplify your network analytic and security fusing all data in a single platform. redborder is a flexible solution adaptable to your organization’s needs. Its hierarchical and multi domain structures enable you to manage complex environments. Apply security policies, alarms and filters to get the maximum protection and control in real time. redborder operational intelligence platform puts in your fingerprints multiple metrics to secure, manage and monetize your network.

The Management Platform

Professionally procrastinate client-focused e-markets via enterprise-wide channels. Collaboratively evolve global mindshare through B2C scenarios. Authoritatively customize open-source outsourcing through worldwide communities. Objectively develop vertical scenarios rather than vertical architectures. Dramatically fashion reliable total linkage for highly efficient technology.

The Apps

redborder is a modular system where new features can be added as Apps (new data digestion capabilities) or Probes (new managed data sources). Each App is responsible for collecting and digesting at least one network protocol.

The Formats

redborder supports multiple standard legacy network protocols: traffic flows (Netflow v5/v9, IPFIX, Flexible Netflow), SNMP, Syslog, XML, HTTP, Radius; as well as vendor-specific protocols: Cisco’s MSE, CMX, AVC and NMSP, Palo Alto’s AppID & UserID, Aruba’s AEL, etc.

Json / Kafka

All data is transformed into JSON over Apache Kafka messages. From there, the pipeline is based on Apache Samza and works exclusively in this format. This ensures complexity isolation, message endurance, delivery warranties, performance, and uniformity.

Enrichment, Data Mining and Correlation

The second stage is analysis, were data undergoes multiple steps inside the pipeline to improve the decision and detect anomalies, reducing the burden on the analyst and pinpointing elements of greater interest.

This pipeline is common to all Apps, and can fuse or manage data from any of them, focusing on security and network analytics. It can be extended or improved by the community in other areas with ease.


Data is contextualized based on existing fields, without altering them. This includes external feeds like IP geolocation or IP, URL and MD5 reputation as well as cross-referenced data. A collaborative service is available to all users and a licensed feed is available to paying users.

Data Mining

With each new version, redborder data scientists add new capabilities based on MOA, SAMOA, and our own algorithms. Some are available in the Community release, and all in pay releases. They focus on anomaly detection in time series and highly multidimensional data.


Finally, data enters the correlation engine, based on SIDDHI, where a series of “business rules” are applied to trigger new events, alarms, or actions. The possibilities are many, including event conditions, time window and sequence operations, computations, etc.

Fast Storage, Policies and Action

Data is always stored in OLAP storage and some of it is also stored in Hadoop due to legal requirements. The full schemaless design allows us to store any type of information with ease.

Relevant data can trigger an action. This can range from a basic email alert up to an active countermeasure. We can apply advanced policies in our probes or basic ones in external elements through the policy enforcer.


redborder uses a Druid analytical engine. Druid is fully scale-out, schemaless, columnar and time independent (including real time) and includes advanced sketching algorithms to provide approximate answers at interactive speed, even with enormous amounts of data.

Hadoop/ HDFS

Druid can only work on aggregate data, which is why we also store exact, unaltered data in Hadoop as per legal requirements. This also enables us to execute batch processing analysis.