ARIA SDS Packet Intelligence
Improve and Speed-up Threat Containment Effectiveness
Enhanced Threat Detection, Accelerated Incident Response, and Automated Threat Containment
With the ARIA SDS Packet Intelligence application, security resources have complete visibility into internal network traffic, including east-west data flows. This enables better, more comprehensive threat detection, faster investigative responses, and immediate network threat containment — all without impacting network or application performance. Packet Intelligence dramatically improves the effectiveness and performance of threat detection and incident response (IR) tools, including SIEMs, SOARs, UEBAs, and IDS/IPS solutions. Simplify processes with a turnkey threat detection and containment option—no SOC required.
ARIA Packet Intelligence Benefits
Detect More Threats
Expose and identify intrusions typically missed by existing approaches.
Enhance Existing Security Tools
Enable faster incident detection and response, and with fewer false positives.
Improve effectiveness of investigation and automate containment.
Improve Improve Security Posture
Strengthen effectiveness of existing solutions to increase SOC performance.
Quick, simple deployment that is cost-effective to operate.
Gain returns of up to ten times over traditional tools.
Packet Intelligence Offerings
- Threat Analytics Improve visibility and intelligence gathering of network communications.
- Threat Triage Provides entire data conversations and ideal for investigating suspected threats.
Real-time threat containment.
Turnkey threat detection and protection.
Provides a simple, cost-effective approach to improve the visibility and intelligence gathering from network communications. Generates metadata from every network packet at full line rates of 10 to 100G with no loss of application performance. Improved network visibility is achieved by providing NetFlow metadata (v5, v9, or IPFIX format) and application identification information for each traffic stream to existing threat detection tool sets, which allows for faster, more complete identification of threats.
Provides specified select packet capture of particular data conversations in their entirety with a few keystrokes. Ideal for investigating suspected threats as detected. These data streams can be automatically sent to IR tools such as SIEMs, IDS solutions, DLPs, or homegrown tools via integration with SOAR tools or SOC scripts. It’s easy to pivot once a bad actor is found to see the full scope of devices involved. Allows digging deep into the data that matters quickly and easily without overwhelming. By sending only the required packet data, it allows IR tools to operate more effectively by only analyzing the most relevant traffic. This translates into dramatic cost savings by reducing the data directed to SIEM solutions that charge by the ingested bit, like Splunk or QRadar.
Enables real-time threat containment of network-born threats: including insider threats, compromised credentials, bruteforce, DDoS, exfiltration, malware, APTs, and ransomware. Containment occurs immediately as detected via the user interface or fully automated through the integration with SOAR tools and/or scripts and workflows. Our APIs allow such tools to not only stop the specified SRC/DST traffic streams, but to also perform additional actions, including redirect and replicate these traffic streams to specific tool sets for forensic analysis.
Enables full network-based threat detection and protection in a fully integrated solution. This is accomplished through the integration of the Packet Intelligence Threat Suite with third-party security tools, such as IDS systems, to detect threats, and IPS tools to detect and automatically stop threats. ARIA Packet Intelligence’s ability to filter and shunt traffic to these tools limits ingesting to the desired packet conversations. This allows them to run much more effectively while keeping up with typical east-west network traffic rates. This gives organizations a centralized and orchestrated way to secure their entire environment without having a large dedicated team.
|Features||Threat Analytics||Threat Triage||Threat Reaper||Threat Suite|
|App ID analytics|
|Creates analytics for every packet|
|Classifies traffic flows|
|Sends copies of flows to tools|
|Performs multiple operations/ traffic flow|
|Does not impact traffic performance|
|Passively detects threats|
|Redirects traffic flows to prevention tools|
|Enforces connectivity policy|
|API Driven to stop threat traffic|
|Set and forget configuration|
|High Availability option|
|Traffic decryption option|
|IDS or IPS integrated option|
|Email anti-phish option|
|Data protection options|
- 1-10-25- 100G line rate operation
- Unsampled per packet NetFlow metadata (v5, v9), or IPFIX format generation
- Selective traffic steam to full line rate Packet Capture
- In-band or out-of-band deployment deployment options
- Highly available transparent bypass for in-line operation
- Compatible with all modern SIEMs, UEBA, IDS/IPS, and forensic packet recorders
- Delivers UI- or API-driven options for automatic containment of network threats and directing particular data traffic streams to IR tools
- Compatible with SOAR tools and ideal for MDR services deployment
- Four optimized configurations: Threat Analytics, Threat Triage, Threat Reaper, or Turnkey Protection
Contact sales at email@example.com
See How You Can Accelerate Your Incident Response
Watch how you can use ARIA SDS Packet Intelligence and a SOAR tool to accelerate threat investigative response and automate threat detection.
Resources and Related Content
ARIA SDS Solution Combined with Juniper’s Secure Analytics Improves Enterprise-Wide Network Visibility, Intrusion Detection and Threat Containment
ARIA SDS Solution Combined with Sumo Logic Continuous Intelligence Platform Delivers Enhanced Enterprise-wide Network Visibility
ARIA™ Cybersecurity Solutions, a CSPi business (NASDAQ: CSPi), delivers an open, software-defined approach for improved cyber-attack detection and rapid incident response as well as…
Intelligent, Automated SIEM Capabilities for Medical IoT Threat Containment
Learn how we address the unique security challenges found in commercial Internet of Things (IoT) devices, especially in the medical (IoMT) and industrial (IIoT) markets.