ARIA SDS Packet Intelligence

Improve and Speed-up Threat Containment Effectiveness

Enhanced Threat Detection, Accelerated Incident Response, and Automated Threat Containment

With the ARIA SDS Packet Intelligence application, security resources have complete visibility into internal network traffic, including east-west data flows. This enables better, more comprehensive threat detection, faster investigative responses, and immediate network threat containment — all without impacting network or application performance. Packet Intelligence dramatically improves the effectiveness and performance of threat detection and incident response (IR) tools, including SIEMs, SOARs, UEBAs, and IDS/IPS solutions. Simplify processes with a turnkey threat detection and containment option—no SOC required.

ARIA Packet Intelligence Benefits


Detect More Threats

Detect More Threats
Expose and identify intrusions typically missed by existing approaches.

Faster Detection

Enhance Existing Security Tools
Enable faster incident detection and response, and with fewer false positives.

Automate Response

Automate Response
Improve effectiveness of investigation and automate containment.

Increase SOC Effectiveness

Improve Improve Security Posture
Strengthen effectiveness of existing solutions to increase SOC performance.

Reduce Costs

Reduce Costs
Quick, simple deployment that is cost-effective to operate.

Faster ROI

Fast ROI
Gain returns of up to ten times over traditional tools.

Packet Intelligence Offerings


Provides a simple, cost-effective approach to improve the visibility and intelligence gathering from network communications. Generates metadata from every network packet at full line rates of 10 to 100G with no loss of application performance. Improved network visibility is achieved by providing NetFlow metadata (v5, v9, or IPFIX format) and application identification information for each traffic stream to existing threat detection tool sets, which allows for faster, more complete identification of threats.

Threat Analytics

Provides specified select packet capture of particular data conversations in their entirety with a few keystrokes. Ideal for investigating suspected threats as detected. These data streams can be automatically sent to IR tools such as SIEMs, IDS solutions, DLPs, or homegrown tools via integration with SOAR tools or SOC scripts. It’s easy to pivot once a bad actor is found to see the full scope of devices involved. Allows digging deep into the data that matters quickly and easily without overwhelming. By sending only the required packet data, it allows IR tools to operate more effectively by only analyzing the most relevant traffic. This translates into dramatic cost savings by reducing the data directed to SIEM solutions that charge by the ingested bit, like Splunk or QRadar.

Threat Triage

Enables real-time threat containment of network-born threats: including insider threats, compromised credentials, bruteforce, DDoS, exfiltration, malware, APTs, and ransomware. Containment occurs immediately as detected via the user interface or fully automated through the integration with SOAR tools and/or scripts and workflows. Our APIs allow such tools to not only stop the specified SRC/DST traffic streams, but to also perform additional actions, including redirect and replicate these traffic streams to specific tool sets for forensic analysis.

Threat Reaper

Enables full network-based threat detection and protection in a fully integrated solution. This is accomplished through the integration of the Packet Intelligence Threat Suite with third-party security tools, such as IDS systems, to detect threats, and IPS tools to detect and automatically stop threats. ARIA Packet Intelligence’s ability to filter and shunt traffic to these tools limits ingesting to the desired packet conversations. This allows them to run much more effectively while keeping up with typical east-west network traffic rates. This gives organizations a centralized and orchestrated way to secure their entire environment without having a large dedicated team.

Compatible Products

Comparison Matrix


Features Threat Analytics Threat Triage Threat Reaper Threat Suite
Netflow analytics
App ID analytics
Creates analytics for every packet
Classifies traffic flows
Sends copies of flows to tools
Performs multiple operations/ traffic flow
Does not impact traffic performance
Deploys passively
Passively detects threats
Deploys actively
Redirects traffic flows to prevention tools
Enforces connectivity policy
Performs micro-segmentation
API Driven to stop threat traffic
Automated deployment
Set and forget configuration
High Availability option
Traffic decryption option
IDS or IPS integrated option
Email anti-phish option
Data protection options
  • 1-10-25- 100G line rate operation
  • Unsampled per packet NetFlow metadata (v5, v9), or IPFIX format generation
  • Selective traffic steam to full line rate Packet Capture
  • In-band or out-of-band deployment deployment options
  • Highly available transparent bypass for in-line operation
  • Compatible with all modern SIEMs, UEBA, IDS/IPS, and forensic packet recorders
  • Delivers UI- or API-driven options for automatic containment of network threats and directing particular data traffic streams to IR tools
  • Compatible with SOAR tools and ideal for MDR services deployment
  • Four optimized configurations: Threat Analytics, Threat Triage, Threat Reaper, or Turnkey Protection

See How You Can Accelerate Your Incident Response

Watch how you can use ARIA SDS Packet Intelligence and a SOAR tool to accelerate threat investigative response and automate threat detection.

Watch Use Case

Resources and Related Content


November 21, 2019
ARIA Cybersecurity Solutions Integrates with Demisto Enterprise to Automate Threat Containment

Integration Combines ARIA SDS with Security Orchestration, Automation, and Response (SOAR) to Deliver Unparalleled Ability to Detect and Stop Network-borne Attacks

October 16, 2019
ARIA Cybersecurity Solutions Awarded Best Network Security Product

CyberDefense Magazine Honors Unique and Compelling Solutions in Information Security

June 11, 2019
CSPi Launches Cybersecurity Solution to Address Commercial IoT Security Risks

Joint Solution with Seceon Provides Intelligent, Automated SIEM Capabilities to Proactively Stop Cyberattacks



August 1, 2019
Attend this one-day conference for informational presentations on current cybersecurity threats and solutions. You’ll also have the chance to visit 30-60 cybersecurity exhibits.
August 26, 2019
Join us at VMworld, where the people and organizations creating the digital foundation for technology and business transformation gather together. From data center to…
September 19, 2019
Attend this one-day conference for informational presentations on current cybersecurity threats and solutions. You’ll also have the chance to visit 30-60 cybersecurity exhibits.


Intelligent, Automated SIEM Capabilities for Medical IoT Threat Containment

Learn how we address the unique security challenges found in commercial Internet of Things (IoT) devices, especially in the medical (IoMT) and industrial (IIoT) markets.


Watch Video