ARIA SDS Packet Intelligence
Superior Analytics and Protection of Critical Traffic While Stopping Threats
Complete Network Visibility, Accelerated Incident Response, and Better Threat Containment
The ARIA SDS Packet Intelligence (PI) application provides complete visibility into internal network traffic, including east-west data flows. The application creates analytics for every packet that can be ingested by packet delivery accounting tools and quality of service SLA monitoring applications, or used as security analytics by SIEMs, which dramatically improves their effectiveness at finding active network-borne threats.
SOC teams can control the ARIA PI application to send select traffic into IDS/IPS tools or forensic recorders for deeper investigations. They can then use the application to isolate compromised devices or keep critical devices online while blocking threat communications only. These factors enable better, more comprehensive threat detection, faster investigative responses, and immediate threat containment—all without impacting network or application performance. Find and stop more modern-day threats that would normally be missed—such as malware, ransomware, breaches, exfiltrations, and more.
ARIA Packet Intelligence Benefits
Detect More Threats
Expose and identify intrusions typically missed by existing approaches.
Enhance Existing Security Tools
Enable faster incident detection and response, with fewer false positives.
Improve effectiveness of investigation and automate containment.
Improve Security Posture
Strengthen effectiveness of existing solutions to increase SOC performance.
Quick, simple deployment that is cost-effective to operate.
Gain returns of up to ten times over traditional tools.
Packet Intelligence Offerings
- Threat Analytics: Improve visibility and intelligence gathering of network communications.
- Threat Triage: Provides entire data conversations and is ideal for investigating suspected threats.
- Threat Reaper: Real-time threat containment.
- Integration With ARIA ADR: Intelligent cyber attack containment and remediation.
Deployed through switch span ports or network taps, or in-band, the Analytics configuration improves network visibility and intelligence gathering from the generation of NetFlow metadata for every network packet. Great for accounting and provider billing of packet delivery with 1000x less server load. SIEMs can use this information to identify network-based threats and attacks.
Deployed through either a network tap or span switch, or in-band, the Triage configuration can direct traffic streams to applications for counting packets and monitoring QoS SLAs, as well as to threat detection toolsets, which allows for faster IR with more complete identification and verification of threats. It offers intelligent filtering capabilities to direct only the appropriate classified traffic streams to security toolsets. Such adaptive filtering allows detection tools to operate more effectively by only analyzing the most relevant threat conversation traffic.
The in-band deployment of the Threat Reaper configuration adds the ability for real-time containment of identified network threats, as well as the execution of network connectivity policy enforcement. Any threat can be stopped at the conversation level, leaving critical devices online, and the configuration can also be used to isolate compromised devices entirely and transparently from the network. It can also be deployed as a stateless port-based firewall running at wire rate either within the network or within a protected server doubling as a NIC. Finally, it can be used for network connectivity policy enforcement. It works with third-party tools that support SOAR solutions, and/or automated scripts and ARIA-provided workflows that allow such tools to communicate with ARIA PI to automatically stop threats as they are detected.
ARIA PI is integrated with our ARIA ADR application and enables it to find internal network-borne threats, and to communicate back to ARIA PI to perform automated containment of the complete range of found attacks. This all happens within the network and is transparent to the devices and applications.
- On our latest generation of Myricom SmartNICs for zero footprint packet accounting and filtering and firewalling applications.
- Our in-line wire rate ARIA network appliances supporting 10, 25, and 100G line rates to create on-the-fly network security analytics, select packet stream replication, and filter operations without adding latency to wire-rate packet flows.
- 1-10-25-100G line rate operation
- Unsampled per packet NetFlow metadata (v5, v9), or IPFIX format generation
- Selective traffic stream – Redirect and/or drop to full line rate Packet Capture
- In-band or out-of-band deployment options
- Highly available transparent bypass for in-line operation
- Out-of-the-box integration with all modern SIEMs, IDS/IPS and forensic packet recorders
- Delivers UI- or API-driven options for automatic containment of network threats and directing particular data traffic streams to IR tools
- Compatible with SOAR tools and ideal for MDR services deployment
- Four optimized configurations: Threat Analytics, Threat Triage, Threat Reaper, or integration with ARIA ADR