Using Network Intelligence technology for network behavior anomaly detection (NBAD) and network forensics

CURRENT THREAT SCENARIO

In order to improve their understanding of breaches and ultimately improve cyber security, SaaS and cloud providers have a need to enhance their ability to search forensically through all network connections for certain parameters and extract relevant data. The key to this capability is the ability to sift through network data and metadata and extract relevant information in real time. This ensures optimized storage and quick indexing and access to the relevant information. Network Intelligence technology enables complete visibility of all network traffic and applications, for easier and faster retrieval.

Tomorrow's Technology Today
Network Behavior Analysis

WHAT DOES THIS TECHNOLOGY DO?

Qosmos ixEngine identifies and extracts information traveling over networks, providing a true picture of its purpose, use and context. It is unique in its capabilities to identify the hundreds of protocols used for IP transactions, the types of applications in use, the content of transactions and, critically, metadata that describes and maps details for rapid analysis of data relationships. More than 4,000 metadata attributes are available for analysis to improve visibility into network activity and rapidly correlate Internet users with specific transactions and behavior. In the case of NBAD systems, ixEngine provides a rich, detailed view of the traffic within any environment, with full search and replay capabilities. It fills a gap that most high-level security tools leave open: the ability to search forensically through all network conversations for certain parameters, and extract the relevant information, including payload. The data extracted by ixEngine can also be easily indexed for quick retrieval from stored data should an investigation be necessary. In addition, the real-time indexing and filtering of only relevant information as it travels over the network leads to optimized (and lower cost) storage requirements. Network Intelligence technology’s ability to parse traffic and session information also increases the speed and effectiveness of investigations.

Protocol decoding up to Layer 7 with Qosmos ixEngine enables complete visibility of all network traffic and applications, independently of ports. As an addition to systems that analyze logs, Qosmos provides the ability to search collected metadata such as URLs, cookies, services on non-standard ports, etc. This provides a richer view into the data captured, shortening search times considerably. For example, looking for a specific URL believed to be exploiting a web server, without knowing the source IP addresses or the time frame, within the vast system of a typical SaaS provider would require searching through entire payloads of data, potentially taking hours. Searching through layer-7 metadata would reduce this time to mere minutes. The extracted metadata can be mixed with log information for easy indexing and faster retrieval within storage systems. In addition, ixEngine is perfectly scalable, with multi-core architecture support to increase packet processing performance and allow for throughputs up to 80 Gbps, improving response time and efficiency.

CONCLUSION:

It would take years and considerable expense for vendors to develop capabilities similar to Qosmos ixEngine on their own. As an enabling technology, it significantly reduces the time and cost for storage and search vendors to achieve the substantial economic and operational benefits of Network Intelligence technology in their offerings. Available as a software development kit, Qosmos ixEngine can be used by these vendors, as well as SaaS and cloud providers, to accelerate the delivery of more precise, secure and intelligent applications and services.

Qosmos
Immeuble Le Cardinet
5, impasse Chalabre
75017 Paris - France
