ARIA SDS Packet Intelligence

Improve and Speed-up Threat Containment Effectiveness

Enhanced Threat Detection, Accelerated Incident Response, and Automated Threat Containment

With the ARIA SDS Packet Intelligence application, security resources have complete visibility into internal network traffic, including east-west data flows. This enables better, more comprehensive threat detection, faster investigative responses, and immediate network threat containment — all without impacting network or application performance. Packet Intelligence dramatically improves the effectiveness and performance of threat detection and incident response (IR) tools, including SIEMs, SOARs, UEBAs, and IDS/IPS solutions. Simplify processes with a turnkey threat detection and containment option—no SOC required.

ARIA Packet Intelligence Benefits


Detect More Threats
Expose and identify intrusions typically missed by existing approaches.

Faster Detection

Enhance Existing Security Tools
Enable faster incident detection and response, and with fewer false positives.

Automate Response
Improve effectiveness of investigation and automate containment.

Increase SOC Effectiveness

Improve Security Posture
Strengthen effectiveness of existing solutions to increase SOC performance.

Reduce Costs
Quick, simple deployment that is cost-effective to operate.

Faster ROI

Fast ROI
Gain returns of up to ten times over traditional tools.

Packet Intelligence Offerings


Provides a simple, cost-effective approach to improve the visibility and intelligence gathering from network communications. Generates metadata from every network packet at full line rates of 10 to 100G with no loss of application performance. Improved network visibility is achieved by providing NetFlow metadata (v5, v9, or IPFIX format) and application identification information for each traffic stream to existing threat detection tool sets, which allows for faster, more complete identification of threats.

Threat Analytics

Provides selective packet capture of particular data conversations in their entirety with a few keystrokes. Ideal for investigating suspected threats as they are detected. These data streams can be automatically sent to IR tools such as SIEMs, IDS solutions, DLPs, or homegrown tools via integration with SOAR tools or SOC scripts. Once a bad actor is found, it is easy to pivot to see the full scope of devices involved. Allows digging deep into the data that matters, quickly and easily, without being overwhelmed. By sending only the required packet data, it allows IR tools to operate more effectively by analyzing only the most relevant traffic. This translates into dramatic cost savings by reducing the data directed to SIEM solutions that charge by the ingested bit, like Splunk or QRadar.

Threat Triage

Enables real-time containment of network-borne threats, including insider threats, compromised credentials, brute force, DDoS, exfiltration, malware, APTs, and ransomware. Containment occurs immediately upon detection, either via the user interface or fully automated through integration with SOAR tools and/or scripts and workflows. Our APIs allow such tools not only to stop the specified SRC/DST traffic streams, but also to perform additional actions, including redirecting and replicating these traffic streams to specific tool sets for forensic analysis.

Threat Reaper

Enables full network-based threat detection and protection in a fully integrated solution. This is accomplished through the integration of the Packet Intelligence Threat Suite with third-party security tools, such as IDS systems to detect threats and IPS tools to detect and automatically stop threats. ARIA Packet Intelligence’s ability to filter and shunt traffic to these tools limits ingestion to the desired packet conversations. This allows them to run much more effectively while keeping up with typical east-west network traffic rates, and gives organizations a centralized and orchestrated way to secure their entire environment without a large dedicated team.

Compatible Products

Comparison Matrix


Features Threat Analytics Threat Triage Threat Reaper Threat Suite
NetFlow analytics
App ID analytics
Creates analytics for every packet
Classifies traffic flows
Sends copies of flows to tools
Performs multiple operations per traffic flow
Does not impact traffic performance
Deploys passively
Passively detects threats
Deploys actively
Redirects traffic flows to prevention tools
Enforces connectivity policy
Performs micro-segmentation
API Driven to stop threat traffic
Automated deployment
Set and forget configuration
High Availability option
Traffic decryption option
IDS or IPS integrated option
Email anti-phish option
Data protection options
  • 1-10-25-100G line rate operation
  • Unsampled per packet NetFlow metadata (v5, v9), or IPFIX format generation
  • Selective traffic stream to full line rate Packet Capture
  • In-band or out-of-band deployment options
  • Highly available transparent bypass for in-line operation
  • Compatible with all modern SIEMs, UEBA, IDS/IPS, and forensic packet recorders
  • Delivers UI- or API-driven options for automatic containment of network threats and directing particular data traffic streams to IR tools
  • Compatible with SOAR tools and ideal for MDR services deployment
  • Four optimized configurations: Threat Analytics, Threat Triage, Threat Reaper, or Turnkey Protection

See How You Can Accelerate Your Incident Response

Watch how you can use ARIA SDS Packet Intelligence and a SOAR tool to accelerate threat investigative response and automate threat detection.

Resources and Related Content


February 26, 2020
ARIA Cybersecurity Solutions Integrates with Juniper Networks to Stop Network-Borne Threats Earlier in the Cybersecurity Kill-Chain Process

ARIA SDS Solution Combined with Juniper’s Secure Analytics Improves Enterprise-Wide Network Visibility, Intrusion Detection and Threat Containment

February 25, 2020
ARIA Cybersecurity Solutions Integrates with Sumo Logic to Improve Cyber Intrusion Detection and Containment of Network-borne Attacks

ARIA SDS Solution Combined with Sumo Logic Continuous Intelligence Platform Delivers Enhanced Enterprise-wide Network Visibility

December 9, 2019
ARIA Cybersecurity Solutions Expands Partner Network with the Addition of HIC Network Security Solutions and SYNACKTEK

ARIA™ Cybersecurity Solutions, a CSPi business (NASDAQ: CSPi), delivers an open, software-defined approach for improved cyber-attack detection and rapid incident response as well as…



January 23, 2020
Attend this one-day conference for informational presentations on current cybersecurity threats and solutions. You’ll also have the chance to visit 30-60 cybersecurity exhibits.


Intelligent, Automated SIEM Capabilities for Medical IoT Threat Containment

Learn how we address the unique security challenges found in commercial Internet of Things (IoT) devices, especially in the medical (IoMT) and industrial (IIoT) markets.

