ARIA SDS Packet Intelligence

Improve and Speed-up Threat Containment Effectiveness

Enhanced Network Visibility, Accelerated Incident Response, and Better Threat Containment

The ARIA SDS Packet Intelligence (PI) application provides complete visibility into internal network traffic, including east-west data flows. The application sees every packet and creates security analytics that are transparently ingested by today’s SIEMs, which dramatically improves the effectiveness at finding active network-borne threats. SOC teams can control the ARIA PI application to send select traffic into IDS/IPS tools or forensic recorders for deeper investigations. SOC teams can then use the application to isolate compromised devices or keep critical devices online while blocking threat communications only. These factors enable better, more comprehensive threat detection, faster investigative responses, and immediate threat containment — all without impacting network or application performance. Find and stop more modern-day threats that would normally be missed – such as malware, ransomware and more.

ARIA Packet Intelligence Benefits


Detect More Threats

Detect More Threats
Expose and identify intrusions typically missed by existing approaches.

Faster Detection

Enhance Existing Security Tools
Enable faster incident detection and response, and with fewer false positives.

Automate Response

Automate Response
Improve effectiveness of investigation and automate containment.

Increase SOC Effectiveness

Improve Improve Security Posture
Strengthen effectiveness of existing solutions to increase SOC performance.

Reduce Costs

Reduce Costs
Quick, simple deployment that is cost-effective to operate.

Faster ROI

Fast ROI
Gain returns of up to ten times over traditional tools.

Compatible Products

Packet Intelligence Offerings


Deployed through switch span ports or network taps, out-of-band, the Threat Analytics configuration improves network visibility and intelligence gathering from the generation of NetFlow metadata for every network packet. SIEMs can use this information to identify network-based threats and attacks, such as malware, ransomware, and intrusions.

Threat Analytics

Deployed through either a network tap or span switch, out-of-band, the Threat Triage configuration can direct traffic streams to existing threat detection tool sets, which allows for faster IR with more complete identification and verification of threats. It offers intelligent filter capabilities to direct only the appropriate classified traffic streams to security toolsets. Such adaptive filtering allows detection tools to operate more effectively by only analyzing the most relevant threat conversation traffic.

Threat Triage

The in-band deployment of the Threat Reaper configuration adds the ability for real-time containment of network threats once identified, as well as the execution of network connectivity policy enforcement. It works with third-party tools that support security orchestration, automation, and response (SOAR) solutions, and/or automated scripts and ARIA-provided workflows that allow such tools to communicate with ARIA PI to stop the threats as they are detected.

Threat Reaper

ARIA PI is out of the box integrated with our ARIA ADR application. It enables ARIA ADR to find internal network-borne threats, and enables ADR to communicate to PI to perform automated containment of the complete range of attacks it finds. This all happens from within the network and is transparent to the devices and applications.

  • 1-10-25- 100G line rate operation
  • Unsampled per packet NetFlow metadata (v5, v9), or IPFIX format generation
  • Selective traffic stream – Redirect and/or drop to full line rate Packet Capture
  • In-band or out-of-band deployment deployment options
  • Highly available transparent bypass for in-line operation
  • Out-of-the-box integration with all modern, SIEMs, IDS/IPS and forensic packet recorders
  • Delivers UI- or API-driven options for automatic containment of network threats and directing particular data traffic streams to IR tools
  • Compatible with SOAR tools and ideal for MDR services deployment
  • Four optimized configurations: Threat Analytics, Threat Triage, Threat Reaper, or integration with ARIA ADR

Resources and Related Content


April 21, 2020
ARIA Cybersecurity Announces ARIA ADR Application Providing AI-Driven Automated Attack Containment

ARIA Cybersecurity Announces ARIA ADR Application Providing AI-Driven Automated Attack Containment

March 16, 2020
ARIA Cybersecurity Solutions Named Winner of the Coveted InfoSec Awards during RSA Conference 2020

ARIA Cybersecurity Solutions Wins for Innovation in IoT and Network Security, as well as Industry Compliance IN 8th Annual InfoSec Awards at #RSAC 2020

March 10, 2020
ARIA Cybersecurity Solutions Receives Top Awards by Cybersecurity Excellence

Acknowledged for Solutions for Encryption, Threat Detection and Response, as well as Industry Compliance