Network Traffic Analysis

Detect The Unknown

Unknown Advanced Persistent Threats (APTs) pose an increasing risk to networks worldwide. They bypass existing security tools and stay hidden for several weeks. They strike when the time is right – inflicting hundreds of billions of dollars of damage, or worse.

They may be in your network, but your existing security tools are not able to detect them.

Network Traffic Analysis (NTA) is an effective tool to detect APTs before they can do damage to your network. NTA uses a combination of artificial intelligence, machine learning, rich network traffic metadata, and content inspection to detect threats. NTA monitors network communications between devices on the network, as well as those coming into and going out of the network, to identify possible threats.

Network Traffic Analysis Secures The Network:

- Monitors network traffic to detect threats
- Detects unknown threats by what they do, in real time
- Risks are identified before damage can occur
- Offers full visibility for every single device, single host, single subnet on the network, and their communications up to L7
- Effective on SCADA networks

MENDEL's network traffic analysis detects threats by what they do

APTs must take action to accomplish their mission, such as infecting other devices, downloading Tor, scanning for open ports, or communicating with a command and control server. These actions create communications traffic within the network that is anomalous compared with “normal” network traffic. MENDEL uses advanced Network Traffic Analysis to detect these anomalous actions as they happen, allowing the security team to block offending communications, identify other infected devices within the network, and capture communications for further research. MENDEL can monitor the full network, including connected IoT and BYOD devices, via mirrored network traffic at the core switch. It detects advanced, unknown attacks across the entire network in real time, without the need to rely on rules alone, profile a particular area, or analyze event logs. You don't need to know where an attack will strike before it does, or spend time in analysis after it happens.

APTs easily bypass your existing security tools

APTs exploit the gaps in existing security tools. Rule-based security tools, like firewalls and intrusion detection systems, must know a threat before it can be detected. APTs are unknown, which means APTs can evade these tools. APTs also bypass sandboxes, infect IoT and BYOD devices where endpoint security cannot be installed, and attack SCADA networks. Log management solutions like SIEMs are difficult to deploy, analyze events after the fact, and generate high levels of false positives. Security solutions which rely heavily on NetFlow and/or IPFIX protocols are also ineffective against APTs, because these data protocols lack sufficiently detailed network traffic metadata for effective security.

More than just detection

Network Traffic Analysis also means MENDEL can offer not just advanced detection of unknown threats, but also visibility into individual devices, hosts, subnets, and services (including Layer 7) communicating on the network, with deep packet inspection for every device, including IoT and BYOD devices where an endpoint client can't be installed. Because anomalous events affect network performance, MENDEL is able to monitor network performance. Finally, MENDEL applies Network Traffic Analysis to more than just traditional IT networks: SCADA/ICS networks, which are an increasing source of attack, can be protected with MENDEL's unique analysis features.
