ARIA SDS. Application

Similar documents
CSPi. A Practical (low cost) Approach to Securing East-West Traffic & Critical Data. December 2018

The Myricom ARC Series with DBL

The Myricom ARC Series of Network Adapters with DBL

Compare Security Analytics Solutions

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

with Sniffer10G of Network Adapters The Myricom ARC Series DATASHEET Delivering complete packet capture functionality. a cost-effective package

Security. Made Smarter.

Product Brief GigaVUE-VM

with Sniffer10G of Network Adapters The Myricom ARC Series DATASHEET

Orchestrating and Automating Trend Micro TippingPoint and IBM QRadar

McAfee Virtual Network Security Platform

Rethinking Security: The Need For A Security Delivery Platform

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

AWS Reference Design Document

Solution Overview Gigamon Visibility Platform for AWS

Novetta Cyber Analytics

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

RSA NetWitness Suite Respond in Minutes, Not Months

SOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD

The Critical Assets Filter for the SOC Focus discovery and analytics to expedite security investigations

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

BIG MON CONTROLLERS BIG MON ANALYTICS NODE. Multi-Terabytes L2-GRE 1/10/25/40/100G ETHERNET SWITCH FABRIC. Optional BIG MON BIG MON SERVICE NODES

Juniper Sky Advanced Threat Prevention

Imperva Incapsula Website Security

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

JUNIPER SKY ADVANCED THREAT PREVENTION

MITIGATE CYBER ATTACK RISK

THE ACCENTURE CYBER DEFENSE SOLUTION

SIEM Solutions from McAfee

MEETING ISO STANDARDS

May the (IBM) X-Force Be With You

The Cognito automated threat detection and response platform

85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges

IPS-1 Robust and accurate intrusion prevention

Seceon s Open Threat Management software

F5 DDoS Hybrid Defender : Setup. Version

Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics

McAfee Skyhigh Security Cloud for Citrix ShareFile

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

Cisco Tetration Analytics

Avanan for G Suite. Technical Overview. Copyright 2017 Avanan. All rights reserved.

McAfee Advanced Threat Defense

Microsoft Security Management

SECURING THE MULTICLOUD

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS

Cognito Detect is the most powerful way to find and stop cyberattackers in real time

QuickSpecs. Aruba IntroSpect User and Entity Behavior Analytics. Overview. Aruba IntroSpect User and Entity Behavior Analytics Product overview

SIEM Product Comparison

Qualys Cloud Platform

Vectra Cognito. Brochure HIGHLIGHTS. Security analyst in software

Un SOC avanzato per una efficace risposta al cybercrime

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

CYBER ANALYTICS. An Advanced Network- Traffic Analytics Solution

Features. HDX WAN optimization. QoS

The ADC Guide to Managing Hybrid (IT and DevOps) Application Delivery. Citrix.com ebook Align Cloud Strategy to Business Goals 1

Rethinking Security CLOUDSEC2016. Ian Farquhar Distinguished Sales Engineer Field Lead for the Gigamon Security Virtual Team

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

McAfee MVISION Cloud. Data Security for the Cloud Era

2018 Edition. Security and Compliance for Office 365

Managed Endpoint Defense

The Why, What, and How of Cisco Tetration

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy

SEVONE DATA APPLIANCE FOR EUE

CloudSOC and Security.cloud for Microsoft Office 365

5 STEPS TO BUILDING ADVANCED SECURITY IN SOFTWARE- DEFINED DATA CENTERS

Bromium: Virtualization-Based Security

A10 HARMONY CONTROLLER

Traditional Security Solutions Have Reached Their Limit

Reducing the Cost of Incident Response

Data Sheet Gigamon Visibility Platform for AWS

CYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta

Policy Enforcer. Product Description. Data Sheet. Product Overview

The Future of Threat Prevention

The Vectra App for Splunk. Table of Contents. Overview... 2 Getting started Setup... 4 Using the Vectra App for Splunk... 4

IBM services and technology solutions for supporting GDPR program

Securing the Software-Defined Data Center

Pasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP

Security by Default: Enabling Transformation Through Cyber Resilience

FloCon Netflow Collection and Analysis at a Tier 1 Internet Peering Point. San Diego, CA. Fred Stringer

A MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE

Securing Your Amazon Web Services Virtual Networks

MICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY TECHNICAL WHITE PAPER

NetFlow Optimizer. Overview. Version (Build ) May 2017

The threat landscape is constantly

Security and Compliance for Office 365

Fabrizio Patriarca. Come creare valore dalla GDPR

SOC AUTOMATION OF THREAT INVESTIGATION

Cisco Cyber Range. Paul Qiu Senior Solutions Architect

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Snort: The World s Most Widely Deployed IPS Technology

The ADC Guide to Managing Hybrid (IT and DevOps) Application Delivery

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

SEVONE END USER EXPERIENCE

VM-SERIES FOR VMWARE VM VM

CipherCloud CASB+ Connector for ServiceNow

How Vectra Cognito enables the implementation of an adaptive security architecture

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

Transcription:

ARIA SDS Packet Intelligence Application CSPi s ARIA SDS Packet Intelligence (PI) application enhances an organization s existing network security capabilities by enabling the monitoring of all network communications, including east-west traffic, throughout an enterprise. Using the ARIA PI application, flow-level metadata can be created for all packet traffic and directed to existing security tools like SIEMs or UEBA solutions. By feeding a steady stream of data to these devices, it is more likely that the algorithms will find network-born threats. Enabling the correlation of this data with other sources can improve threat detection effectiveness by 80% while also lowering the number of false positives. In addition, the ARIA PI application can be programmed to send certain packet-level traffic streams, such as send all conversations to and from SQL databases in this subnet to this group of devices, to threat detection tools, including IDS or SIEMs. If a threat is detected, and the detection tool has the appropriate built-in automation, it can tell the ARIA PI instances to send conversations, in their entirety, for further analysis. Security tools that support automated workflows can communicate via APIs to the ARIA PI application to take one, or multiple actions, against suspect traffic conversations. In real time, ARIA can generate as many copies of specific traffic streams as needed and enable multiple workflows to occur independently and in parallel. The result is enhanced speed and effectiveness of a broad array of tools, as well as the security team members success detecting network-born attacks. This can be thought of as a passive approach to threat detection. Passive in that the PI application will typically run out-of-band through the use of network taps or switch/v-switch span ports. In such an implementation, threats can be detected but not directly acted upon. F E A T U R E S Benefits: Helps detect and automatically stops network-born threats. Runs wire rate at 10 or up to 25G without impact to network or application performance. Performs full network monitoring of all critical assets and application data, including lateral traffic flows. Gives many flexible deployment options: out-of-band for passive monitoring or inline (in-band) for automatic traffic filtering ranging from network policy enforcement, to dropping and/or redirecting threat traffic streams for further analysis. Leverages and improves effectiveness of existing security tools including SIEMs, UEBA, IDS/ IPS, DLP, and forensic packet recorders. Delivers UI or APIdriven options for automatic disruption of network threats immediately upon detection. Works with SOAR tools. Ideal for MDR services deployment. Provides four deployment options optimized to meet variety of security requirements: threat analytics, passive protection, active protection or complete, out-of-the box turnkey protection. 1

However, the PI application can also take active measures to prevent and/or stop detected network-born threats. If deployed in-band, or in-line, the PI application can classify traffic in real time while also applying a set of rules to that live traffic as it passes through network. This approach can stop threats in four ways: 1. Network Policy Enforcement Create, apply, and enforce microsgementation rules to determine which set of devices, groups, or applications within these groups can talk to each other outside the group. All of this occurs inside the network, including between the on-premises networks and the public cloud, as well as microservices running within and between applications. 2. Pre-specified Investigation Analysis Redirect traffic stream conversations as specified by policy or dynamically; such as directing certain file transfers and/or email traffic streams through a DLP system to identify and stop data leaks. 3. Dynamic Redirect Leverage workflow automation tools to dynamically redirect particular traffic stream conversations for additional investigation; such as upon API instruction send all traffic from a potentially malware-infected device group through an extensive IPS rule set, while also sending a copy of the traffic to a packet recorder for forensic analysis and future audit. 4. Network Based Remediation Through the ARIA UI, stop specified conversations as identified by the security team, or automatically through including scripts/api commands from third-party threat detection tools. When used in any of these manners, the ARIA PI application enables the real-time automatic execution of preventative actions on specified traffic flows. Another benefit of the PI application is that it executes at full line-rate, up to 25G, without affecting application performance. For organizations that desire data protection capabilities, ARIA PI can direct traffic to additional ARIA applications to provide crypto services. The ARIA SDS Platform solution simplifies and automates the deployment, and provisioning of the ARIA PI application. This make it as easy to deploy and run one or hundreds of instances across a wide-spread organization. The ARIA PI solution is offered in four configurations, each designed to meet a variety of security needs: 0415/500 cspi.com 2

Threat Analytics: Provides a simple, low-cost approach to improve the visibility and intelligence gathering of network communications. This fully automated solution identifies and classifies all network traffic at full line rates of 10G or 25G with no loss of application performance. The PI Threat Analytics configuration improves network visibility by providing Netflow metadata (v5, v9 or IPFIX format) and/or provides application identification information for each traffic stream. This meta information, provided to new or existing tool sets, allows for quicker identification of threats. Threat Analytics 10/25 GBs Traffic from Network taps (out-of-band) UEBAs, APMs etc... Passive Detection: The passive network detection configuration deployed either through tap or switch span directs the appropriate classified traffic streams to security toolsets, including SIEMs, IDS, UEBA, and DLP for further analysis. This intelligent filter capability redirects specific flows to each tool as specified. It also can shunt certain flows, such as streaming video and audio-only, sending a specified number of bytes. Such adaptive filtering allows detection tools to operate more effectively by only analyzing the most relevant traffic. For SIEMs like Splunk and QRadar that charge by ingested bit, this translates into dramatic cost savings. 10/25 GB/s Traffic from Network taps (out-of-band) Passive Detection specified via UI or APi driven UEBAs, APMs etc... Database traffic to IDS Email to anti-phish Database traffic to recorder 5 - Tuple* SRC.DST IP SRC.DST Port SRC.DST Port, Pcol Single or multiple per classified stream Redirect copies & tag Shunt 3

Active Protection: The in-band deployment of CSPi s packet intelligence active solution not only provides the same level of automated network monitoring capabilities as found in passive offerings (Threat Analytics and Passive Detection), but it also enables the real-time ability to stop network threats, as well as perform network policy enforcement. It works with third-party tools that support Security Orchestration, Automation, and Response (SOAR) solutions, and or automated scripts and workflows that allow such tools to communicate with ARIA to stop the threats as they are detected. This greatly increases an organization s ability to take the appropriate actions against certain traffic streams, including forward, drop, replicate, redirect, shunt, and alert. Dynamic interaction directly or via automated workflow APIs gets the specified suspect traffic conversation streams to the right tool sets for proper analysis. Additionally, the active protection configuration is centrally managed, through a UI, and once set-up, eliminates the manual effort and potential errors when managing a complex environment. For organizations that have requirements around redundancy and resiliency, there are options for high availability. Active Protection 10/25 GB/s In-line Traffic specified via UI or APi driven UEBAs, etc... Database traffic to IPS Email to anti-phish Access to recorder 5 - Tuple* SRC.DST IP SRC.DST Port SRC.DST Port, Pcol Single or multiple per classified stream Forward Drop Shunt Redirect copies & tag Traffic passed on to destination via policy Real-time threat response instruction from security tools/ security team Turnkey Protection: The last and most robust packet intelligence configuration is a complete turnkey approach to full network-based threat detection or protection. CSPi s Packet Intelligence solution integrates thirdparty security tools, such as IDS tools, to detect threats and, IPS to detect and to take automatic, actions to stop or disrupt threats once detected. This preconfigured solution gives organizations a centralized and orchestrated way to secure their environment, as well as the right data needed for security team resources to identify and stop potentially destructive network activity. 4

Feature Threat Analytics Passive Detection Active Protection Turnkey Protection analytics App ID analytics Creates analytics for every packet Classifies traffic flows Sends copies of flows to tools Performs multiple operations/ traffic flow Does not impact traffic performance Deploys passively Passively detects threats Dynamic Redirect Deploys actively Redirects traffic flows to prevention tools Enforces connectivity policy Performs micro-segmentation API Driven to stop threat traffic Network based remediation Automated deployment Set and forget configuration High Availability option Traffic decryption option IDS or IPS integrated option Email anti-phish option About CSPi CSPi (NASDAQ: CSPi) is a global technology innovator driven by a long history of business ingenuity and technical expertise. A market leader since 1968, we are committed to helping our customers meet the demanding performance, availability, and security requirements of their complex network, applications and services that drive success. CSPi Corporate Headquarters 175 Cabot Street - Suite 210 Lowell, MA 01854 800.325.3110 (US & Canada) CSPi High Performance Products 800.325.3110 (US & Canada) us-hpp-sales@cspi.com CSPi Technology Solutions 800.940.1111 us-ts-sales@cspi.com www.linkedin.com/company/csp-inc @ThisIsCSPi us-hpp-sales@cspi.com www.cspi.com All companies and logos mentioned herein may be trademarks and/or registered trademarks of their respective companies.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback