NarusInsight CyberProtection
Dynamic Network Traffic Intelligence and Security
Neil Harrington, Director, Product Management
Downloadable Data Brochure: NarusInsight CyberProtection (PDF)
Downloadable Solution Brief: NarusIsight CyberProtection In The Operations Center (PDF)
CyberProtection is a real-time, network-based traffic intelligence and security application that provides your network operators with unprecedented visibility into what is happening on your networks. The application complements your existing network security programs and easily integrates into your overall network security architecture. Just as importantly, it enhances network security by identifying threats that may have slipped past your perimeter defenses or entered the network from within.
Key Features
Global Traffic Analysis and Management
- Collect and correlate network information to improve situational awareness
- Analyze traffic from multiple network sources in real-time
- Continuously monitor all network traffic
- Profile traffic characteristics and behavior through Layer 7
Network-Wide Anomaly Detection
- Identify complex security threats and multiple attack types in real time
- Correlate data from a variety of sources into a single actionable event
- Translate security threats into prevention policies
- Integrate with third-party SIEM
Identification of Unauthorized Traffic
- Wrapped or hidden applications
- Unknown or encrypted traffic
- Application and protocol tunneling
- Rogue servers
Discovery of Changes in Traffic Patterns
- Unauthorized/unexpected services and servers
- Communications on unauthorized ports
- Deviations in routing topology and application usage and behavior
- Baselines for any traffic attributes
Continuous Monitoring
- Compliance with regulatory requirements
- Infrastructure protection
- Configuration and security policy
Key Differentiators
- Unprecedented Visibility into the Network
- Patented Adaptive Anomaly Detection Engines
- Highly Customizable System
Process Flow
To execute on an effective cyber protection strategy, there's much more to be considered than simply arbitrarily blocking potentially "bad" traffic. Narus advocated a holistic approach to complete cyber protection which requires the following three functions:
- Traffic collection with Intelligent Traffic Analyzers utilizing passive tap interfaces and Data Collection Agents for structured data
- Analytical Engines including Entity Analysis Engines which evaluate and aggregate traffic based on specific set of pre-defined traffic profiles; Signal Processing Engines which evaluate traffic for security significant events and Entropy Engines evaluate traffic for normal randomness of activity within the network
- Web Portal provides a single console that displays all collected and processed traffic information in a variety of views
CyberProtection provides government organizations and large enterprises unparalleled network traffic visibility, pinpoint alerting to give cyber security operations the edge in protecting against the most nefarious and persistent threats.
|
