NarusInsight CyberAnalytics
Advanced Visualization, Analytics and Protection for Large, Distributed IP Networks
David Cavuto, Director, Federal Product Engineering
CyberAnalytics is a real-time, network-based traffic intelligence and security system that delivers dynamic, organization-wide network visibility and enables timely discovery and analysis of anomalous, suspicious, and malicious network traffic. NarusInsight passively collects network traffic and delivers Layer 2 through rich Layer 7 metadata known as Narus Vectors. A library of Narus Live Analytics™ tools analyzes this “traffic-in-motion,” identifying suspicious behavior as vectors stream by. You can create your own behavior-based traffic-in-motion analytics and run them continuously to deliver wire-speed protection based on the unique characteristics of your network.
In addition, CyberAnalytics contains SQL-based tools for on-demand visualization and analysis of network traffic-at-rest. With just a few clicks, your operators can visualize, drill in, pivot, and report on nearly any aspect of your external, internal, and transient network traffic.

Key Features
Unprecedented Visibility into the Network
- Collect internal, external, and transient network traffic
- Identify unauthorized or suspicious traffic as well as surface changes in traffic patterns
- Enable easy addition of secondary data such as past events, registry information, IP geolocation, blacklists, and more
Rich, Readily Available Layer 2 through Layer 7 Metadata (Narus Vectors)
- Sessionalize and normalize packets into conversations that are ready for analysis
- Use storage that is typically 5% of the volume of PCAP files
- Accurately determine ports, protocols, and applications via observed Layer 7 behavior analysis
Dashboard Driven On-Demand Analytics for Traffic at Rest
- Visualize and analyze days, weeks, or even months of network traffic
- Support analysts in investigating and making educated decisions based on institutional knowledge
- Easily convert ad hoc queries into automated streaming analytics
Powerful Live Analytics for Traffic in Motion
- Run analytics in real-time, streaming mode and cascade them for complex functionality
- Depend on its stateful and session-aware operation
- Capture results in central data warehouse
Ready for "Big Data"
- Save storage with proven metadata design
- Allow data to reside where it is most convenient through its distributed data store
- Integrate effectively with third party tools (SIEM, reporting, etc.)
Key Differentiators
- Unprecedented visibility into the network
- Full range of exploration and analytics tools
- Powerful data warehouse
- Accelerated investigation
Process Flow
CyberAnalytics provides dynamic network visibility for the discovery and analysis of anomalous network traffic. Its key processes include:
- Traffic collection and vector generation: intelligent Traffic Analyzers use passive tap interfaces to collect traffic and generate Narus Vectors. Data Collection Agents are used to collect structured traffic data
- Narus Live Analytics are tools used to analyze network traffic-in-motion
- On-demand visualization and analytics for traffic-at-rest: provides unparalleled on-demand visualization of network traffic that gives a deep understanding of network behavior
CyberAnalytics provides security analysts with unparalleled, real-time network visibility, improved insight into suspicious traffic and accelerated investigations. Whether the data in question is in motion or at rest, generated from within or from outside an organization, signature- or non-signature based, NarusInsight CyberAnalytics uncovers the details needed to improve the overall health and security of critical networks.