Making Threat Big Data Manageable
Threat intelligence is a big data challenge, and traffic capture alone produces enormous volumes. A single sensor on a saturated Gigabit network backbone can capture over 10 Terabytes of PCAP data a day (1 Gbit/s is 125 MB/s, or about 10.8 TB over 24 hours at full line rate).
BotProbe uses IPFIX to capture only the network and application layer threat intelligence data that matters, reducing data volumes by up to 97% compared with PCAP capture of the same traffic.
BIG DATA noun [U]:
high-volume, high-velocity, high-variety information assets that demand cost-effective, innovative forms of information processing that enable enhanced insight, decision making, and process automation. (Gartner, 2017)
Faster reaction time to threats;
Data capture tuning means your SOC team analyses only the relevant threat data during an ongoing incident, so threats can be detected earlier, minimising exposure and protecting business assets and reputation.
Reduction in data storage volumes;
Focused traffic capture and storage make it efficient to retain pre-attack traffic for forensics, or the evidence required for lawful interception, that full PCAP retention would make impractical.
Software probes replace SPAN and mirroring;
Replacing traditional SPAN and mirroring techniques with software probes also adds flexibility: probes can be installed on any end device, be it an IoT sensor, PC, server, hypervisor, switch or router.
Adaptive data capture;
A machine learning algorithm at the heart of BotProbe adapts the IPFIX capture templates in real time, so the fields exported for each flow remain the ones that matter for detection.
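As an added example (not BotProbe's code, and not tied to any product), the following Python round trip shows the IPFIX mechanism the volume-reduction and adaptive-template points above rest on: a template set (RFC 7011) declares which IANA information elements (RFC 7012) each record carries, the data set carries only those fields, and a collector decodes the records back using the template it learned. The template, the two sample flows and the PCAP size model (libpcap headers plus Ethernet framing) are constructed assumptions for the example; swapping the field list changes both what is exported and how large each record is, which is what adapting a template does.

```python
"""Minimal IPFIX (RFC 7011) exporter/collector round trip. Added example, not
BotProbe code: template set -> data set -> decoded records, plus a size
comparison against a libpcap file of the same flows (constructed model)."""
import ipaddress
import struct

IPFIX_VERSION = 10
TEMPLATE_SET_ID = 2       # Set ID reserved for template sets
TEMPLATE_ID = 256         # Data set IDs >= 256 name the template that describes them

# Assumed template: (IANA element ID, field length in bytes), per RFC 7012.
TEMPLATE_FIELDS = [
    (8, 4),    # sourceIPv4Address
    (12, 4),   # destinationIPv4Address
    (7, 2),    # sourceTransportPort
    (11, 2),   # destinationTransportPort
    (4, 1),    # protocolIdentifier
    (1, 8),    # octetDeltaCount
    (2, 8),    # packetDeltaCount
]
IPV4_ELEMENTS = {8, 12}

# Constructed sample flows, in template field order (documentation addresses).
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.25", 51544, 443, 6, 12345, 40),
    ("192.0.2.11", "203.0.113.7", 53000, 53, 17, 512, 4),
]


def encode_template_set(template_id, fields):
    """Set header (ID 2, length), then template ID, field count and (IE, len) pairs."""
    body = struct.pack("!HH", template_id, len(fields))
    body += b"".join(struct.pack("!HH", ie, length) for ie, length in fields)
    return struct.pack("!HH", TEMPLATE_SET_ID, 4 + len(body)) + body


def encode_data_set(template_id, fields, flows):
    """Set header with Set ID = template ID, then fixed-width records."""
    body = b""
    for flow in flows:
        for (ie, length), value in zip(fields, flow):
            if ie in IPV4_ELEMENTS:
                body += ipaddress.IPv4Address(value).packed
            else:
                body += int(value).to_bytes(length, "big")
    return struct.pack("!HH", template_id, 4 + len(body)) + body


def encode_message(sets, export_time=0, sequence=0, domain_id=1):
    """16-byte message header: version 10, total length, export time, seq, domain."""
    payload = b"".join(sets)
    header = struct.pack("!HHIII", IPFIX_VERSION, 16 + len(payload),
                         export_time, sequence, domain_id)
    return header + payload


def export_flows(flows, fields=TEMPLATE_FIELDS, template_id=TEMPLATE_ID):
    """Exporter side: one message carrying the template and the matching data set."""
    return encode_message([encode_template_set(template_id, fields),
                           encode_data_set(template_id, fields, flows)])


def decode_message(data):
    """Collector side: learn templates from set 2, decode data sets with them."""
    version, length = struct.unpack("!HH", data[:4])
    if version != IPFIX_VERSION or length != len(data):
        raise ValueError("not a well-formed IPFIX message")
    templates, records, pos = {}, [], 16
    while pos + 4 <= length:
        set_id, set_len = struct.unpack("!HH", data[pos:pos + 4])
        if set_len < 4:
            raise ValueError("bad set length")
        body, pos = data[pos + 4:pos + set_len], pos + set_len
        if set_id == TEMPLATE_SET_ID:
            tid, count = struct.unpack("!HH", body[:4])
            templates[tid] = [struct.unpack("!HH", body[4 + 4 * i:8 + 4 * i])
                              for i in range(count)]
        elif set_id >= 256 and set_id in templates:   # unknown template: skip set
            fields = templates[set_id]
            rec_len, off = sum(length for _, length in fields), 0
            while off + rec_len <= len(body):          # trailing bytes are padding
                rec = []
                for ie, length in fields:
                    raw, off = body[off:off + length], off + length
                    rec.append(str(ipaddress.IPv4Address(raw)) if ie in IPV4_ELEMENTS
                               else int.from_bytes(raw, "big"))
                records.append(tuple(rec))
    return records


def pcap_size_bytes(flows, link_overhead=14, record_header=16, file_header=24):
    """Assumed model: libpcap file of the same packets, octetDeltaCount counting
    IP-layer bytes and each packet also carrying a 14-byte Ethernet header."""
    return file_header + sum(p * (record_header + link_overhead) + o
                             for *_, o, p in flows)


def reduction_ratio(flows):
    """Fraction of capture volume saved by exporting IPFIX records instead of PCAP."""
    return 1 - len(export_flows(flows)) / pcap_size_bytes(flows)


if __name__ == "__main__":
    msg = export_flows(SAMPLE_FLOWS)
    assert decode_message(msg) == SAMPLE_FLOWS
    print(f"IPFIX: {len(msg)} bytes, PCAP model: {pcap_size_bytes(SAMPLE_FLOWS)} bytes, "
          f"reduction {reduction_ratio(SAMPLE_FLOWS):.1%}")
```

The ratio this script reports is for two constructed flows and shows only that a flow record is a tiny fraction of the packets it summarises; the 97% figure above is the page's claim about real traffic. One caveat the decoder makes visible: a data set can only be decoded if the collector has already seen its template, and because IPFIX is commonly carried over UDP, exporters periodically resend template sets so a collector that starts late or loses a message can recover.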