ARIA SDS Packet Intelligence
Improve and Speed-up Threat Containment Effectiveness
Enhanced Network Visibility, Accelerated Incident Response, and Better Threat Containment
The ARIA SDS Packet Intelligence (PI) application provides complete visibility into internal network traffic, including east-west data flows. The application sees every packet and creates security analytics that are transparently ingested by today’s SIEMs, which dramatically improves the effectiveness at finding active network-borne threats. SOC teams can control the ARIA PI application to send select traffic into IDS/IPS tools or forensic recorders for deeper investigations. SOC teams can then use the application to isolate compromised devices or keep critical devices online while blocking threat communications only. These factors enable better, more comprehensive threat detection, faster investigative responses, and immediate threat containment — all without impacting network or application performance. Find and stop more modern-day threats that would normally be missed – such as malware, ransomware and more.
ARIA Packet Intelligence Benefits
Detect More Threats
Expose and identify intrusions typically missed by existing approaches.
Enhance Existing Security Tools
Enable faster incident detection and response, and with fewer false positives.
Improve effectiveness of investigation and automate containment.
Improve Improve Security Posture
Strengthen effectiveness of existing solutions to increase SOC performance.
Quick, simple deployment that is cost-effective to operate.
Gain returns of up to ten times over traditional tools.
Packet Intelligence Offerings
- Threat Analytics Improve visibility and intelligence gathering of network communications.
- Threat Triage Provides entire data conversations and ideal for investigating suspected threats.
Real-time threat containment.
Integration With ARIA ADR
Intelligent cyber attack containment and remediation.
Deployed through switch span ports or network taps, out-of-band, the Threat Analytics configuration improves network visibility and intelligence gathering from the generation of NetFlow metadata for every network packet. SIEMs can use this information to identify network-based threats and attacks, such as malware, ransomware, and intrusions.
Deployed through either a network tap or span switch, out-of-band, the Threat Triage configuration can direct traffic streams to existing threat detection tool sets, which allows for faster IR with more complete identification and verification of threats. It offers intelligent filter capabilities to direct only the appropriate classified traffic streams to security toolsets. Such adaptive filtering allows detection tools to operate more effectively by only analyzing the most relevant threat conversation traffic.
The in-band deployment of the Threat Reaper configuration adds the ability for real-time containment of network threats once identified, as well as the execution of network connectivity policy enforcement. It works with third-party tools that support security orchestration, automation, and response (SOAR) solutions, and/or automated scripts and ARIA-provided workflows that allow such tools to communicate with ARIA PI to stop the threats as they are detected.
ARIA PI is out of the box integrated with our ARIA ADR application. It enables ARIA ADR to find internal network-borne threats, and enables ADR to communicate to PI to perform automated containment of the complete range of attacks it finds. This all happens from within the network and is transparent to the devices and applications.
- 1-10-25- 100G line rate operation
- Unsampled per packet NetFlow metadata (v5, v9), or IPFIX format generation
- Selective traffic stream – Redirect and/or drop to full line rate Packet Capture
- In-band or out-of-band deployment deployment options
- Highly available transparent bypass for in-line operation
- Out-of-the-box integration with all modern, SIEMs, IDS/IPS and forensic packet recorders
- Delivers UI- or API-driven options for automatic containment of network threats and directing particular data traffic streams to IR tools
- Compatible with SOAR tools and ideal for MDR services deployment
- Four optimized configurations: Threat Analytics, Threat Triage, Threat Reaper, or integration with ARIA ADR
Contact sales at email@example.com
Resources and Related Content
ARIA Cybersecurity Announces ARIA ADR Application Providing AI-Driven Automated Attack Containment
ARIA Cybersecurity Solutions Wins for Innovation in IoT and Network Security, as well as Industry Compliance IN 8th Annual InfoSec Awards at #RSAC 2020
Acknowledged for Solutions for Encryption, Threat Detection and Response, as well as Industry Compliance