Novetta Cyber Analytics
Know your network. Arm your analysts.
An advanced network-traffic analytics solution.
Dramatically increase the efficiency and effectiveness of IT
security staff and threat responders by providing them with the
right information when they need it.
Novetta Cyber Analytics • 7921 Jones Branch Drive • McLean VA 22102 • contact@novetta.com 1
Introduction

The harsh reality of modern network security is that determined attackers will eventually breach enterprise networks: attackers have an asymmetrical advantage and only need to find a single vulnerability to gain an initial foothold. Current security tools, including SIEMs, IPS/IDSs, and Security Analytics tools, try to detect and block these attacks, but even today’s best commercially available, mostly automated solutions cannot guarantee immunity from targeted attacks, zero-day exploits, and sophisticated malware. To combat these threats, security teams must be able to rapidly detect, assess, and contain breaches with a deep but fast network visibility and analysis solution.

Novetta Cyber Analytics is an advanced network-traffic analytics solution that empowers analysts with comprehensive, near real-time cyber security visibility and awareness, filling a critical gap in today’s enterprise cyber security toolset. With queries that take only seconds, even at petabyte network traffic scale, the solution enables analysts to receive comprehensive answers to complex questions “at the speed of thought,” then instantly access the ground truth network traffic needed for alert triage, incident response and hunting. The solution dramatically increases the efficiency and effectiveness of IT security staff and threat response teams by providing them with the right information when they need it.

Novetta Cyber Analytics substantially increases the efficiency and effectiveness of security teams.

The Problem: A PCAP Visibility Gap

During network security investigations, analysts frequently encounter situations where a review of raw packet capture is required to determine if an alert was accurate. This happens often with SIEM systems and firewall consoles because they either do not provide immediate access to raw PCAP (depending on the solution), or do not allow for a broader search of raw PCAP beyond the specific PCAP provided with the alert.

On the other hand, leading Security Analytics platforms were originally designed for PCAP analysis, but for forensics, and have since grown their feature set to handle real-time detection of threats, mainly through signature-based deep packet inspection and unknown-file sandbox detonation. But because these solutions unravel all content and extract a large volume of data about observed network traffic, even their metadata databases are both enormous and distributed. Because of this, especially at very large scale, the ad hoc queries against these databases that are needed to confirm or deny the criticality of an alert, or to rapidly investigate an escalated incident, often take minutes to hours to return comprehensive answers, or never return them at all. This lack of response is debilitating to a security analyst, often forcing them into the tedious and time-consuming task of wrangling data from multiple systems in an attempt to piece together what is happening on their network.

With both SIEMs and Security Analytics platforms, analysts often quickly reach a point of frustration due to the lack of rapid and comprehensive answers to queries run against ground truth PCAP data and/or the lack of access to the right PCAP itself.
Key Capabilities

Comprehensive contextual view
• Captures and processes packet capture data at wire speed from multiple strategically distributed sensors across an entire network.
• Facilitates rapid, comprehensive queries and immediate access to the original PCAP.
• Creates synthetic sessions to make individual host-to-host ‘conversations’ understandable to an analyst.
• Generates context-aware security intelligence that fuses network traffic data with threat intelligence and enrichment sources.

Security team ‘super charger’
• Provides a feature-rich web interface for alert triage, incident response, and hunting at interactive speeds.
• Identifies behaviors that are undetectable using signature-based and forensics-focused solutions.
• Includes 100+ pre-built queries, built from years of experience working with network security experts at the Department of Defense.
• Enables an analyst’s thoughts and suspicions to be shared within the database itself.

Key Features

Speed & scale
• Collects network traffic at wire speed, up to 40 Gbps.
• Queries metadata representing petabytes of network traffic in seconds using Massively Parallel Processing (MPP) and a columnar metadata structure in a centralized analytics hub.
• Supports collection from Novetta sensors, legacy devices, and packet capture archives.
• Scales to enterprise levels using a cluster-based distributed design.

Enriched session views
• De-duplicates, fuses, sessionizes and centralizes metadata to create a complete, near real-time, human-understandable network view across dispersed network sensors.
• Augments network data via threat intelligence, registrar and passive DNS, IP netblock owners, IP geolocation data, as well as custom sources.

Built for analysts
• Provides an analytics-focused, intuitive web interface for rapid discovery and analysis.
• Enables one-click immediate reachback access to original PCAP files.
• Provides an ability to ‘tag’ sessions and IP addresses to share knowledge and to label subnets (e.g. ‘Web Servers’).
• Integrates seamlessly with third-party tools such as SIEMs, firewalls, and Security Analytics solutions and into existing workflows.

Key Benefits

Analysts see the truth—fast!
• See a complete enterprise-wide view of the behavior associated with advanced threats.
• Rapidly contextualize and distinguish between acceptable network traffic behavior and suspicious or malicious events.
• Understand the ground truth of activity by rapidly going to the source — the right network traffic.
• Drastically accelerate alert triage, incident response, and breach discovery.
• Increase the efficiency of cyber security workers by an estimated 5X – 10X.

Improved security posture
• Be highly confident in the thoroughness of alert and incident response efforts.
• Empower cyber security workers to think creatively about exactly how to find intruders.
• Assist analysts in finding never-before-seen — or even suspected — attacks.
• Maximize the value of existing infrastructure by discovering vulnerabilities.
The Solution

But there is a solution. With strategically placed sensors providing a comprehensive, broad, ground truth network view, and with its core being a single contextually enriched columnar ‘table’ of observed network activity, Novetta Cyber Analytics answers complex queries rapidly and completely. This allows an analyst to, for example, quickly find all sessions and hosts related to a particular threat or alert, whether it comes from a SIEM, firewall or Security Analytics console, immediately drill into the directly related PCAP, pivot and search through more remotely related PCAP, and then repeat. The rapidity of this iterative process gives an analyst the ability to quickly and comprehensively come to conclusions for alert triage, incident response, and pure network hunting.
System Architecture

Deployment Options

100% Novetta Sensors
The most effective way to deploy Novetta Cyber Analytics is by instrumenting Novetta sensor technology at all strategic vantage points on the enterprise network. Novetta sensors consist of proprietary software run on standard commercial off-the-shelf hardware. Novetta sensor technology compresses and retains PCAP data at the sensor site and makes it available on demand to end users. This design mitigates network congestion and reduces ingest latency to achieve near real-time network data processing in the Cyber Analytics Hub.

100% Legacy Sensors
Customers are never locked into Novetta sensor technology. The Novetta Cyber Analytics Batch Ingest Module integrates existing sensor hardware and PCAP data repositories on enterprise networks. Customers can schedule the batch ingest of the data they collect into the Hub at any interval.

Hybrid
Novetta Cyber Analytics adapts to the needs of heterogeneous enterprise networks. Customers often find that they would prefer more visibility in different sections of their network after understanding the capabilities and effectiveness of the solution. Any number of existing sensors and Novetta sensors can operate concurrently on a network. Customers can easily swap out existing sensors or Novetta sensors to fulfill their unique requirements.

Key architectural notes: Strategically placed sensors, distributed raw PCAP storage, centralized metadata-based hub
Systems Integration

Novetta Cyber Analytics integrates seamlessly with existing security solutions by providing a RESTful web API, a Python API, and a syslog message generation capability. The APIs give external systems direct and secure programmatic access to the Analytics back-end engine with very minimal integration effort — an administrator simply adds a new menu item to launch an analytical search and analysts have direct access to Novetta Cyber Analytics from within their primary workstation interface. The syslog message generation capability enables the creation of syslog messages after the execution of an analytical search, which provides SIEM tools and other monitoring solutions with greater context around network events.

Novetta Cyber Analytics is architected from front to back to enhance the speed and efficiency of security team members when doing any sort of investigation. Even deployment is fast, with most installations up and running within two weeks — no tuning required.
Analytics

Pre-processing
Novetta Cyber Analytics eliminates common barriers to network traffic analysis by pre-processing data at ingest. The solution performs the following tasks to facilitate a seamless analytical workflow that increases the operational tempo of incident responders and network security analysts:
• Reassembles sessions partitioned by asymmetric routing paths.
• Disambiguates sessions from multiple private IP address spaces across the enterprise.
• Classifies sessions and nodes to identify threat actors and traffic patterns.
• Dissects application-layer services and indexes parameters for major services.
• Batch-loads sources of existing PCAP or other traffic data.
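The first two pre-processing tasks above (reassembling a session whose two directions were captured by different sensors, and keeping apart sessions that share a private 5-tuple because two sites reuse the same RFC 1918 range) are easy to get wrong in a multi-sensor deployment. The following is an added illustration written for this page, not Novetta code: a small Python sessionizer over constructed packet-metadata records. The record layout, the site names, the "de-duplicate on everything but the sensor id" rule and the "lower port is the service side" heuristic are all assumptions of the example.

```python
"""Ingest-time pre-processing sketch: de-duplicate packet metadata reported by
several sensors, fold both halves of an asymmetrically routed conversation into
one session, and keep private-address sessions from different sites apart.

Added illustration, not Novetta code. Record layout, site names and the
"lower port is the server" heuristic are assumptions made for this example.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed sample input. Each tuple is one packet's metadata as a sensor might
# report it: (sensor, site, timestamp, src ip, src port, dst ip, dst port, proto, bytes).
RECORDS = [
    # Asymmetric route: client->server packets pass sensorA, server->client passes sensorB.
    ("sensorA", "hq", 1.00, "10.1.1.5", 51000, "203.0.113.10", 443, "tcp", 517),
    ("sensorB", "hq", 1.01, "203.0.113.10", 443, "10.1.1.5", 51000, "tcp", 4200),
    ("sensorA", "hq", 1.02, "10.1.1.5", 51000, "203.0.113.10", 443, "tcp", 120),
    # One packet seen by two sensors on the same path: must be counted once.
    ("sensorA", "hq", 2.00, "10.1.1.7", 51234, "198.51.100.9", 80, "tcp", 300),
    ("sensorC", "hq", 2.00, "10.1.1.7", 51234, "198.51.100.9", 80, "tcp", 300),
    # Same private 5-tuple at another site that reuses 10.1.1.0/24: a different session.
    ("sensorD", "branch", 1.00, "10.1.1.5", 51000, "203.0.113.10", 443, "tcp", 88),
]

# RFC 1918 ranges checked explicitly (ipaddress.is_private also covers TEST-NET blocks).
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def scope(addr: str, site: str) -> str:
    """Private addresses are only unique within the site that observed them;
    everything else is treated as globally unique."""
    ip = ip_address(addr)
    return site if any(ip in net for net in RFC1918) else "global"


def endpoints(rec):
    """Return (client, server), each (scope, ip, port), for one packet.
    Heuristic: the endpoint with the lower port is the service side, so both
    directions of a conversation map onto the same ordered pair."""
    _sensor, site, _ts, sip, sport, dip, dport, _proto, _n = rec
    src = (scope(sip, site), sip, sport)
    dst = (scope(dip, site), dip, dport)
    if (sport, sip) < (dport, dip):   # lower source port: packet flows server -> client
        return dst, src
    return src, dst


@dataclass
class Session:
    key: tuple
    first_seen: float
    last_seen: float
    packets: int = 0
    bytes_to_server: int = 0
    bytes_to_client: int = 0
    sensors: set = field(default_factory=set)


def sessionize(records):
    """Fold packet metadata into bidirectional sessions keyed by
    (proto, client scope, client ip, client port, server scope, server ip, server port)."""
    seen = set()
    sessions = {}
    for rec in records:
        sensor, site, ts, sip, sport, dip, dport, proto, nbytes = rec
        # Duplicate suppression ignores the sensor id: one packet reported by two
        # sensors on the same path is still one packet.
        dup_key = (site, ts, sip, sport, dip, dport, proto, nbytes)
        if dup_key in seen:
            continue
        seen.add(dup_key)
        client, server = endpoints(rec)
        key = (proto,) + client + server
        s = sessions.get(key)
        if s is None:
            s = sessions[key] = Session(key, ts, ts)
        s.first_seen = min(s.first_seen, ts)
        s.last_seen = max(s.last_seen, ts)
        s.packets += 1
        s.sensors.add(sensor)
        if (scope(sip, site), sip, sport) == client:
            s.bytes_to_server += nbytes
        else:
            s.bytes_to_client += nbytes
    return sessions


def session_count(records) -> int:
    return len(sessionize(records))


if __name__ == "__main__":
    for key, s in sessionize(RECORDS).items():
        proto, cscope, cip, cport, sscope, srv_ip, srv_port = key
        print(f"{proto} {cscope}:{cip}:{cport} -> {sscope}:{srv_ip}:{srv_port} "
              f"pkts={s.packets} up={s.bytes_to_server} down={s.bytes_to_client} "
              f"sensors={sorted(s.sensors)}")
```

Run as a script it prints three sessions: the hq conversation with 10.1.1.5 reassembled from two sensors (3 packets, 637 bytes up, 4200 down), the de-duplicated 10.1.1.7 packet counted once, and the branch-site 10.1.1.5 conversation kept separate even though its 5-tuple is identical. The scope prefix in the key is what makes the last case work; a production system would derive it from the sensor's placement rather than a free-text site name.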
Performance
Novetta Cyber Analytics is designed to perform network traffic analysis on petabytes of traffic at carrier-grade speed and scalability. Novetta Cyber Analytics represents the state of the art in the application of network traffic analysis and has proven itself on the premises of the largest network in the world — the U.S. Department of Defense.
• Sensors capture packets at up to 40 Gbps throughput.
• Only essential metadata is extracted from PCAP and loaded into the columnar-based centralized analytics hub to ensure rapid query response times.
• Queries on metadata representing petabytes of network traffic run in just seconds.
• PCAP is archived at the sensor and retrieved on demand to mitigate network congestion and latency.

Analyst Empowerment
Novetta Cyber Analytics empowers incident responders and network security analysts to ask questions at the speed of thought, unencumbered by the chores of remembering syntax, data formats, or where they stored their network traffic. Novetta Cyber Analytics exposes an advanced query construction form and provides interactive results exploration features to create a productive analytical experience. For example, the solution:
• Enables analysts to have total control over their data via the advanced query construction form.
• Includes 100+ pre-built, customizable analytical queries.
• Enables analysts to easily drill down and pivot within their data sets via the web UI.
• Retrieves original packet capture from sensor archives for forensic analysis.
• Distills PCAP data to extract and decode embedded content.

A simple, clean, and efficient interface, ideal for analysts, incident responders and network hunters.
Contextualization

Novetta Cyber Analytics gives context to events by associating the communicating parties of a session with enrichment data sources. Incident responders and network security analysts receive immediate insight into the agents communicating on their networks. Novetta Cyber Analytics immediately integrates the following sources:
• City- and country-level geolocation for IP addresses.
• Historic domain names for publicly routable IP addresses.
• Domain name resolutions as observed passively on the wire.
• Whois IP address block assignments.
• Threat intelligence and blacklists.
• Custom subscriptions, spreadsheets, or lists.

An example of queryable session information made available to an analyst

Collaboration

Novetta Cyber Analytics enables teams to create and share knowledge. Incident responders and network security analysts can humanize the traffic data to characterize threats, assets, or activities on their system. This enables teams to effectively discover and prioritize the triage of threats or targets on their systems. To that end, users can:
• Create and share knowledge by tagging IP addresses and sessions.
• Save, reuse, and share queries.
• Schedule queries and specify the conditions for sending notifications.
• Enforce custom authentication and role-based access control policies.

Tags can be applied manually, in bulk, or automatically.
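To make concrete what "associating the communicating parties of a session with enrichment data sources" and analyst tagging look like in practice, here is an added example written for this page, not Novetta code: it joins each endpoint of a session against small constructed stand-ins for the source types listed above (geolocation, historic and passive DNS names, whois netblocks, a threat-intelligence list, a custom list) plus analyst-applied subnet tags, and then evaluates a scheduled-query notification condition of the kind the Collaboration section describes. All tables, feed names and the `should_notify` rule are assumptions of the example; no real feed format or product API is implied.

```python
"""Endpoint enrichment and analyst tagging sketch.

Added illustration, not Novetta code. Every lookup table below is a constructed
stand-in for the source type named in the brochure; addresses are documentation
ranges and the notification rule is an assumption of this example.
"""
from ipaddress import ip_address, ip_network

# Constructed enrichment sources. CIDR-keyed tables use longest-prefix matching,
# address-keyed tables are exact lookups.
WHOIS_BLOCKS = {"203.0.113.0/24": "Example Hosting Co", "198.51.100.0/24": "Example ISP"}
GEO = {"203.0.113.0/24": ("NL", "Amsterdam"), "198.51.100.0/24": ("US", "Dallas")}
PASSIVE_DNS = {"203.0.113.10": ["update.example.net"], "198.51.100.9": ["www.example.org"]}
HISTORIC_NAMES = {"203.0.113.10": ["old-cdn.example.net"]}
THREAT_INTEL = {"203.0.113.10": "constructed feed: suspected command-and-control"}
CUSTOM_LIST = {"198.51.100.9": "approved vendor (constructed spreadsheet)"}
# Analyst-applied labels in the brochure's ‘Web Servers’ style; the most specific wins.
SUBNET_TAGS = {"10.1.0.0/16": "Corporate", "10.1.1.0/24": "Workstations", "10.1.2.0/24": "Web Servers"}


def longest_prefix(addr, table):
    """Return the value for the most specific CIDR in `table` that contains `addr`."""
    ip = ip_address(addr)
    best_net, best_val = None, None
    for cidr, val in table.items():
        net = ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_val = net, val
    return best_val


def enrich_endpoint(addr):
    """Everything the sources know about one communicating party."""
    return {
        "ip": addr,
        "owner": longest_prefix(addr, WHOIS_BLOCKS),
        "geo": longest_prefix(addr, GEO),
        "names": PASSIVE_DNS.get(addr, []),
        "historic_names": HISTORIC_NAMES.get(addr, []),
        "intel": THREAT_INTEL.get(addr),
        "custom": CUSTOM_LIST.get(addr),
        "tag": longest_prefix(addr, SUBNET_TAGS),
    }


def enrich_session(client_ip, server_ip):
    """Attach context to both parties and record which of them hit threat intel."""
    client, server = enrich_endpoint(client_ip), enrich_endpoint(server_ip)
    hits = [e["ip"] for e in (client, server) if e["intel"]]
    return {"client": client, "server": server, "intel_hits": hits}


def should_notify(enriched, only_tags=None):
    """Scheduled-query condition: an endpoint hit threat intel and, when
    `only_tags` is given, the client sits in a subnet carrying one of those tags."""
    if not enriched["intel_hits"]:
        return False
    if only_tags is None:
        return True
    return enriched["client"]["tag"] in only_tags


def describe(enriched):
    """One human-readable line per session, the kind of row an analyst would query."""
    c, s = enriched["client"], enriched["server"]
    names = ",".join(s["names"] or s["historic_names"]) or "-"
    geo = f"{s['geo'][0]}/{s['geo'][1]}" if s["geo"] else "-"
    return (f"{c['ip']} [{c['tag'] or 'untagged'}] -> {s['ip']} ({s['owner'] or '-'}, "
            f"{geo}, names={names}) intel={'yes' if s['intel'] else 'no'}")


if __name__ == "__main__":
    for pair in (("10.1.1.5", "203.0.113.10"), ("10.1.2.8", "198.51.100.9")):
        e = enrich_session(*pair)
        print(describe(e), "| notify:", should_notify(e, only_tags={"Workstations"}))
```

The notification rule shows why tagging matters for triage: the same threat-intelligence hit is routed differently depending on whether the internal party is a tagged workstation or a web server, which is a decision the enrichment data alone cannot make.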
Let us prove to you just how effective this solution can be.
For more information:
844-NOVETTA (Toll Free)
contact@novetta.com
Product Specifications

Sensor
  Hardware
    Device Type:               Commodity servers
    Packet Capture Storage:    On-board drives, direct attached storage, and/or SAN/NAS
    Packet Capture Location:   SPAN port or network tap
    Network Traffic Interface: Commodity network interface cards
  Software
    Operating System:          RHEL-based Linux
    PCAP Compression Ratio:    1.3:1 average
    Metadata to Content Ratio: 100:1 average

Analytics Engine
  Hardware
    Device Type:       Commodity servers
    Data Storage:      On-board drives
  Software
    Operating System:  RHEL-based Linux
    User Interface:    Thin client web application
    Database:          Massively Parallel Processing EDW
    Query APIs:        Web-based and Python

Example Installations
                        Medium        Large                      Extra Large
  Sensors               4x 1 Gbps     8x 1 Gbps + 2x 10 Gbps     12x 10 Gbps
  Metadata Retention    30 days       30 days                    120 days
  Metadata Storage      13.7 TB       93.8 TB                    1.6 PB
  PCAP Retention        7 days        7 days                     7 days
  PCAP Storage          320 TB        2.1 PB                     9.1 PB
Novetta Cyber Analytics runs proprietary software on commodity hardware. It is designed to be configurable to the requirements of
existing network systems. Please speak with a Novetta sales consultant today to learn how it can be integrated with your systems.
From Complexity to Clarity
Novetta Cyber Analytics Product Brochure Final_Web_4.20.2015

  • 1. Novetta Cyber Analytics Know your network. Arm your analysts. An advanced network-traffic analytics solution. Dramatically increase the efficiency and effectiveness of IT security staff and threat responders by providing them with the right information when they need it.
  • 2. Novetta Cyber Analytics • 7921 Jones Branch Drive • McLean VA 22102 • contact@novetta.com 1 During network security investigations analysts frequently encounter situations where a review of raw packet capture is required to determine if an alert was accurate. This happens often with SIEM systems and firewall consoles because they either do not provide immediate access to raw PCAP (depending on the solution), or do not allow for a broader search of raw PCAP beyond the specific PCAP provided with the alert. On the other hand, leading Security Analytics platforms were originally designed for PCAP analysis, but for forensics, and have since grown their feature set to handle real-time detection of threats, mainly through signature-based deep packet inspection and unknown file sandbox detonation. But because these solutions unravel all content and extract a large volume of data about observed network traffic, even their metadata databases are both enormous and distributed. And because of this, especially at very large scale, ad hoc queries made against these databases that are needed to confirm or deny the criticality of an alert, or rapidly investigate an escalated incident, often take minutes-to-hours-to-never to return comprehensive answers. This lack of response is debilitating to a security analyst, often forcing them into the tedious and time consuming task of wrangling data from multiple systems attempting to piece together what is happening on their network. With both SIEMs and Security Analytics platforms, analysts often quickly reach a point of frustration due to lack of rapid and comprehensive answers to queries run against ground truth PCAP data and/or lack of access to the right PCAP itself. 
Introduction The Problem: A PCAP Visibility Gap The harsh reality of modern network security is that determined attackers will eventually breach enterprise networks‒– attackers have an asymmetrical advantage and only need to find a single vulnerability to gain an initial foothold. Current security tools, including SIEMs, IPS/IDSs, and Security Analytics tools try to detect and block these attacks, but even today’s best commercially available mostly automated solutions cannot guarantee immunity from targeted attacks, zero-day exploits, and sophisticated malware. To combat these threats security teams must be able to rapidly detect, assess, and contain breaches with a deep but fast network visibility and analysis solution. Novetta Cyber Analytics is an advanced network-traffic analytics solution that empowers analysts with comprehensive, near real-time cyber security visibility and awareness, filling a critical gap in today’s enterprise cyber security toolset. With queries that take only seconds ‒– even at Petabyte network traffic scale ‒– the solution enables analysts to receive comprehensive answers to complex questions “at the speed of thought,” then instantly access the ground truth network traffic needed for alert triage, incident response and hunting. The solution dramatically increases the efficiency and effectiveness of IT security staff and threat response teams by providing them with the right information when they need it. Novetta Cyber Analytics substantially increases the efficiency and effectiveness of security teams.
  • 3. Novetta Cyber Analytics • 7921 Jones Branch Drive • McLean VA 22102 • contact@novetta.com 2 Key Capabilities Comprehensive contextual view • Captures and processes packet capture data at wire speed from multiple strategically distributed sensors across an entire network. • Facilitates rapid, comprehensive queries and immediate access to the original PCAP. • Creates synthetic sessions to make individual host-to-host ‘conversations’ understandable to an analyst. • Generates context-aware security intelligence that fuses network traffic data with threat intelligence and enrichment sources. Security team ‘super charger’ • Provides a feature-rich web interface for alert triage, incident response, and hunting at interactive speeds. • Identifies behaviors that are undetectable using signature-based and forensics-focused solutions. • Includes 100+ pre-built queries, built from years of experience working with network security experts at the Department of Defense. • Enables an analyst’s thoughts and suspicions to be shared within the database itself. Key Features Speed & scale • Collects network traffic at wire speed ‒– up to 40 Gbps. • Queries metadata representing petabytes of network traffic in seconds using Massively Parallel Processing (MPP) and a columnar metadata structure in a centralized analytics hub. • Supports collection from Novetta sensors, legacy devices, and packet capture archives. • Scales to enterprise levels using a cluster-based distributed design. Enriched session views • De-duplicates, fuses, sessionizes and centralizes metadata to create a complete, near real-time, human- understandable network view across dispersed network sensors. • Augments network data via threat intelligence, registrar and passive DNS, IP netblock owners, IP geolocation data, as well as custom sources. Built for analysts • Provides an analytics-focused intuitive web interface for rapid discovery and analysis. 
• Enables one-click immediate reachback access to original PCAP files.
• Provides the ability to 'tag' sessions and IP addresses to share knowledge and to label subnets (e.g. 'Web Servers').
• Integrates seamlessly with third party tools such as SIEMs, firewalls, and Security Analytics solutions, and into existing workflows.

Key Benefits

Analysts see the truth, fast!
• See a complete enterprise-wide view of the behavior associated with advanced threats.
• Rapidly contextualize and distinguish between acceptable network traffic behavior and suspicious or malicious events.
• Understand the ground truth of activity by rapidly going to the source: the right network traffic.
• Drastically accelerate alert triage, incident response, and breach discovery.
• Increase the efficiency of cyber security workers by an estimated 5X to 10X.

Improved security posture
• Be highly confident in the thoroughness of alert and incident response efforts.
• Empower cyber security workers to think creatively about exactly how to find intruders.
• Assist analysts in finding never-before-seen, or even never-suspected, attacks.
• Maximize the value of existing infrastructure by discovering vulnerabilities.

The Solution

But there is a solution. With strategically placed sensors providing a comprehensive, broad, ground-truth network view, and with a single contextually enriched columnar 'table' of observed network activity at its core, Novetta Cyber Analytics answers complex queries rapidly and completely. An analyst can, for example, quickly find all sessions and hosts related to a particular threat or alert, whether it comes from a SIEM, firewall or Security Analytics console, immediately drill into the directly related PCAP, pivot and search through more remotely related PCAP, and then repeat. The rapidity of this iterative process gives an analyst the ability to quickly and comprehensively reach conclusions for alert triage, incident response, and pure network hunting.
System Architecture

Deployment Options

100% Novetta Sensors
The most effective way to deploy Novetta Cyber Analytics is by instrumenting Novetta sensor technology at all strategic vantage points on the enterprise network. Novetta sensors consist of proprietary software run on standard commercial off-the-shelf hardware. Novetta sensor technology compresses and retains PCAP data at the sensor site and makes it available on demand to end users. This design mitigates network congestion and reduces ingest latency to achieve near real-time network data processing in the Cyber Analytics Hub.

100% Legacy Sensors
Customers are never locked into Novetta sensor technology. The Novetta Cyber Analytics Batch Ingest Module integrates existing sensor hardware and PCAP data repositories on enterprise networks. Customers can schedule, at any interval, the batch ingest of the data they collect into the Hub.

Hybrid
Novetta Cyber Analytics adapts to the needs of heterogeneous enterprise networks. Customers often find that they would prefer more visibility in different sections of their network after understanding the capabilities and effectiveness of the solution. Any number of existing sensors and Novetta sensors can operate concurrently on a network. Customers can easily swap out existing sensors or Novetta sensors to fulfill their unique requirements.

Key architectural notes: strategically placed sensors, distributed raw PCAP storage, centralized metadata-based hub.

Systems Integration
Novetta Cyber Analytics integrates seamlessly with existing security solutions by providing a RESTful web API, a Python API, and a syslog message generation capability. The APIs give external systems direct and secure programmatic access to the Analytics back-end engine with very minimal integration effort: an administrator simply adds a new menu item to launch an analytical search, and analysts have direct access to Novetta Cyber Analytics from within their primary workstation interface. The syslog message generation capability creates syslog messages after the execution of an analytical search, which gives SIEM tools and other monitoring solutions greater context around network events. Novetta Cyber Analytics is architected from front to back to enhance the speed and efficiency of security team members during any sort of investigation. Even deployment is fast, with most installations up and running within two weeks and no tuning required.
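The syslog path described above is the one most SIEMs consume. The following is an added example, written for this page and not Novetta's code or its syslog feature, of turning the rows an analytical search returns into RFC 5424 messages with the session fields carried as structured data. The hostname, application name, field names, result rows and the timestamp are constructed for illustration; the `@32473` enterprise number is the one RFC 5424 reserves for documentation examples. Note the escaping of `"`, `\` and `]` inside PARAM-VALUE, which is the detail most hand-rolled forwarders get wrong.

```python
# Added example (not Novetta code): RFC 5424 syslog messages built from the
# rows of an analytical search so a SIEM receives the session context.
# Hostname, app name, field names, rows and timestamp are constructed.
import socket
from datetime import datetime, timezone

FACILITY_LOCAL0 = 16
SEVERITY_NOTICE = 5

# Constructed sample: a fixed timestamp and two rows a query might return.
SAMPLE_TS = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_ROWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443, "tag": "suspected beacon"},
    {"src": "10.0.0.9", "dst": "198.51.100.7", "dport": 80, "tag": 'ua="curl/8.0" [lab]'},
]


def escape_param(value):
    """RFC 5424 section 6.3.3: backslash, double quote and ']' inside a
    PARAM-VALUE must be backslash-escaped. Backslash is handled first so the
    escapes added for the other two characters are not re-escaped."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def rfc5424(hostname, app, msgid, sd_id, params, msg, ts,
            facility=FACILITY_LOCAL0, severity=SEVERITY_NOTICE):
    """Format one message. PRI is facility*8 + severity; PROCID is NIL ('-')."""
    pri = facility * 8 + severity
    sd = " ".join(f'{k}="{escape_param(v)}"' for k, v in params.items())
    return f"<{pri}>1 {ts.isoformat()} {hostname} {app} - {msgid} [{sd_id} {sd}] {msg}"


def results_to_syslog(query_name, rows, ts, hostname="analytics-hub"):
    """One message per result row; each row is expected to carry at least
    'src' and 'dst' (constructed field names)."""
    messages = []
    for row in rows:
        params = {"query": query_name, **row}
        text = f"{query_name} matched {row['src']} -> {row['dst']}"
        messages.append(rfc5424(hostname, "cyber-analytics", "QUERYHIT",
                                "session@32473", params, text, ts))
    return messages


def send_udp(messages, host="127.0.0.1", port=514):
    """Deliver over UDP/514; use TLS (RFC 5425) in production, as plain UDP
    syslog offers no integrity or confidentiality."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for m in messages:
            sock.sendto(m.encode("utf-8"), (host, port))


if __name__ == "__main__":
    for m in results_to_syslog("beacon-candidates", SAMPLE_ROWS, SAMPLE_TS):
        print(m)
```

A receiver that parses structured data can then pivot on `query`, `src` and `dst` directly instead of regex-scraping the free-text MSG part.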
Analytics

Pre-processing
Novetta Cyber Analytics eliminates common barriers to network traffic analysis by pre-processing data at ingest. The solution performs the following tasks to facilitate a seamless analytical workflow that increases the operational tempo of incident responders and network security analysts:
• Reassembles sessions partitioned by asymmetric routing paths.
• Disambiguates sessions from multiple private IP address spaces across the enterprise.
• Classifies sessions and nodes to identify threat actors and traffic patterns.
• Dissects application-layer services and indexes parameters for major services.
• Batch-loads sources of existing PCAP or other traffic data.

Performance
Novetta Cyber Analytics is designed to analyze petabytes of network traffic at carrier-grade speed and scalability. Novetta Cyber Analytics represents the state of the art in the application of network traffic analysis and has proven itself on the premises of the largest network in the world, the U.S. Department of Defense.
• Sensors capture packets at up to 40 Gbps throughput.
• Only essential metadata is extracted from PCAP and loaded into the columnar-based centralized analytics hub to ensure rapid query response times.
• Queries on metadata representing petabytes of network traffic run in just seconds.
• PCAP is archived at the sensor and retrieved on demand to mitigate network congestion and latency.

Analyst Empowerment
Novetta Cyber Analytics empowers incident responders and network security analysts to ask questions at the speed of thought, unencumbered by the chores of remembering syntax, data formats, or where they stored their network traffic. Novetta Cyber Analytics exposes an advanced query construction form and provides interactive results exploration features to create a productive analytical experience. For example, the solution:
• Gives analysts total control over their data via the advanced query construction form.
• Includes 100+ pre-built, customizable analytical queries.
• Lets analysts easily drill down and pivot within their data sets via the web UI.
• Retrieves original packet capture from sensor archives for forensic analysis.
• Distills PCAP data to extract and decode embedded content.

A simple, clean, and efficient interface, ideal for analysts, incident responders and network hunters.
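The first two pre-processing tasks above, reassembling sessions split by asymmetric routing and keeping overlapping private address spaces apart, together with the de-duplication mentioned under Enriched session views, are the steps that make per-sensor packet records queryable as host-to-host conversations. The following is an added example written for this page, not Novetta's code and not its ingest pipeline, showing one way to do all three: packets are de-duplicated by 5-tuple plus IP ID, both directions of a conversation are folded onto one site-scoped canonical key, and byte counts are kept per direction. Sensor names, site labels and every packet record are constructed sample data; the "lower port is the server" rule is a stated heuristic, not something the page describes.

```python
# Added example (not Novetta code): de-duplicate per-sensor packet records,
# fold both legs of a conversation into one site-scoped session, and count
# bytes per direction. Sensor names, sites and all packets are constructed.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    sensor: str   # sensor that observed the packet (constructed name)
    site: str     # address realm the sensor monitors; separates overlapping RFC 1918 ranges
    ts: float     # capture timestamp, seconds
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    length: int   # bytes on the wire
    ip_id: int    # IP identification field; with the 5-tuple it marks a duplicate capture


@dataclass
class Session:
    site: str
    client: str
    cport: int
    server: str
    sport: int
    proto: str
    first_seen: float
    last_seen: float
    packets: int = 0
    bytes_c2s: int = 0
    bytes_s2c: int = 0
    sensors: set = field(default_factory=set)


def canonical_key(p):
    """Map both directions of one conversation to a single key.

    Heuristic (an assumption of this example): the endpoint with the lower
    port is the server, since ephemeral client ports are normally higher than
    service ports. The key is scoped by site so that 10.0.0.5 at HQ and
    10.0.0.5 at a branch office never collide.
    """
    a, b = (p.src, p.sport), (p.dst, p.dport)
    if (p.sport, p.src) < (p.dport, p.dst):
        server, client = a, b
    else:
        server, client = b, a
    return (p.site, client, server, p.proto)


def build_sessions(packets):
    """De-duplicate, then fold packets into bidirectional sessions."""
    seen = set()
    sessions = {}
    for p in sorted(packets, key=lambda x: x.ts):
        # Two sensors on the same path (edge and core) each capture the same
        # packet; drop the second copy rather than double-count its bytes.
        dup_key = (p.site, p.src, p.sport, p.dst, p.dport, p.proto, p.ip_id)
        if dup_key in seen:
            continue
        seen.add(dup_key)

        key = canonical_key(p)
        site, (client, cport), (server, sport), proto = key
        s = sessions.get(key)
        if s is None:
            s = sessions[key] = Session(site, client, cport, server, sport, proto, p.ts, p.ts)
        s.last_seen = max(s.last_seen, p.ts)
        s.packets += 1
        s.sensors.add(p.sensor)
        # Asymmetric routing: request and reply legs may come from different
        # sensors, but they share the canonical key and are merged here.
        if (p.src, p.sport) == (client, cport):
            s.bytes_c2s += p.length
        else:
            s.bytes_s2c += p.length
    return sorted(sessions.values(), key=lambda s: s.first_seen)


# Constructed sample capture: HQ sees a TLS exchange whose two legs pass
# different edge sensors, the core sensor re-captures one packet, and the
# branch office reuses the same private client address for unrelated traffic.
SAMPLE_PACKETS = [
    Packet("hq-edge-1", "HQ", 1.000, "10.0.0.5", 51000, "203.0.113.10", 443, "tcp", 500, 1),
    Packet("hq-core", "HQ", 1.001, "10.0.0.5", 51000, "203.0.113.10", 443, "tcp", 500, 1),  # duplicate
    Packet("hq-edge-2", "HQ", 1.200, "203.0.113.10", 443, "10.0.0.5", 51000, "tcp", 1400, 77),
    Packet("hq-edge-1", "HQ", 1.500, "10.0.0.5", 51000, "203.0.113.10", 443, "tcp", 300, 2),
    Packet("branch-1", "BRANCH", 2.000, "10.0.0.5", 51000, "198.51.100.7", 80, "tcp", 200, 1),
]


if __name__ == "__main__":
    for s in build_sessions(SAMPLE_PACKETS):
        print(f"{s.site}: {s.client}:{s.cport} -> {s.server}:{s.sport}/{s.proto} "
              f"pkts={s.packets} c2s={s.bytes_c2s} s2c={s.bytes_s2c} sensors={sorted(s.sensors)}")
```

The output is two sessions rather than four or five records: the duplicate from the core sensor is dropped, the reply leg seen only by the second edge sensor lands in the same HQ session as the requests, and the branch traffic from the identically numbered client stays separate because the key carries the site. Real ingest also has to handle IP ID reuse, fragments and port-based misclassification (a server initiating from a high port), which this sketch does not.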
Contextualization
Novetta Cyber Analytics gives context to events by associating the communicating parties of a session with enrichment data sources. Incident responders and network security analysts receive immediate insight into the agents communicating on their networks. Novetta Cyber Analytics immediately integrates the following sources:
• City and country level geolocation for IP addresses.
• Historic domain names for publicly routable IP addresses.
• Domain name resolutions as observed passively on the wire.
• Whois IP address block assignments.
• Threat intelligence and blacklists.
• Custom subscriptions, spreadsheets, or lists.

An example of queryable session information made available to an analyst.

Collaboration
Novetta Cyber Analytics enables teams to create and share knowledge. Incident responders and network security analysts can humanize the traffic data to characterize threats, assets, or activities on their system. This enables teams to effectively discover and prioritize the triage of threats or targets on their systems. To that end, users can:
• Create and share knowledge by tagging IP addresses and sessions.
• Save, reuse, and share queries.
• Schedule queries and specify the conditions for sending notifications.
• Enforce custom authentication and role-based access control policies.

Tags can be applied manually, in bulk, or automatically.
Let us prove to you just how effective this solution can be. For more information: 844-NOVETTA (toll free), contact@novetta.com

Product Specifications

Sensor
Hardware
• Device Type: Commodity servers
• Packet Capture Storage: On-board drives, direct attached storage, and/or SAN/NAS
• Packet Capture Location: SPAN port or network tap
• Network Traffic Interface: Commodity network interface cards
Software
• Operating System: RHEL-based Linux
• PCAP Compression Ratio: 1.3:1 average
• Metadata to Content Ratio: 100:1 average

Analytics Engine
Hardware
• Device Type: Commodity servers
• Data Storage: On-board drives
Software
• Operating System: RHEL-based Linux
• User Interface: Thin client web application
• Database: Massively Parallel Processing EDW
• Query APIs: Web-based and Python

Example Installations

                      Medium       Large                     Extra Large
Sensors               4x 1 Gbps    8x 1 Gbps + 2x 10 Gbps    12x 10 Gbps
Metadata Retention    30 days      30 days                   120 days
Metadata Storage      13.7 TB      93.8 TB                   1.6 PB
PCAP Retention        7 days       7 days                    7 days
PCAP Storage          320 TB       2.1 PB                    9.1 PB

Novetta Cyber Analytics runs proprietary software on commodity hardware. It is designed to be configurable to the requirements of existing network systems. Please speak with a Novetta sales consultant today to learn how it can be integrated with your systems.