Making Threat Big Data Manageable

Threat intelligence is a big data challenge. Data volumes from traffic capture alone can be huge. A single sensor on a saturated Gigabit network backbone can produce over 10 Terabytes of PCAP data a day (1 Gbit/s is about 125 MB/s, or roughly 10.8 TB per 24 hours).

BotProbe uses IPFIX to capture only the network- and application-layer threat intelligence data that matters, reducing data volumes by up to 97% compared with equivalent PCAP capture.


BIG DATA noun [U]:

high-volume, high-velocity, high-variety information assets that demand cost-effective, innovative forms of information processing that enable enhanced insight, decision making, and process automation. (Gartner, 2017)


BotProbe means:

  • Faster reaction time to threats;

    Tuning the data capture means your SOC team analyses only the relevant threat data during an ongoing incident, so threats are detected earlier, minimising threat exposure and protecting business assets and reputation

  • Reduction in data storage volumes;

    Focused traffic capture and storage makes it practical to retain pre-attack forensic traffic, or the evidence required for lawful interception

  • Software probes replace SPAN and mirroring;

    Replacing traditional traffic-capture mirroring techniques with software probes also brings flexibility: probes can be installed on any end device, be it an IoT sensor, PC, server, hypervisor, switch or router

  • Adaptive data capture;

    A machine learning algorithm at the heart of BotProbe adapts the IPFIX capture templates in real time, selecting which information elements each flow record exports, to ensure optimum data content capture
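To make concrete what the IPFIX-versus-PCAP comparison above and the template mechanism behind adaptive capture actually involve, here is a small worked example. It is added for this page and is not BotProbe code: it encodes a set of constructed flows into one RFC 7011 IPFIX message (a template set followed by a data set), decodes it on the collector side by first learning the template, and sizes the same traffic as a libpcap file. The IANA information element numbers, the 16-byte message header, the set ID 2 for templates and the 24/16-byte libpcap headers are the real protocol values; the flows, the template ID 256 and the function names are assumptions for illustration.

```python
"""Minimal IPFIX (RFC 7011) exporter and collector, used to show what flow
export keeps and what it discards relative to full-packet PCAP capture.
Added example for this page; not BotProbe's code. Flows are constructed."""
import socket
import struct

IPFIX_VERSION = 10
TEMPLATE_SET_ID = 2        # RFC 7011: set ID 2 carries template records
MIN_DATA_SET_ID = 256      # set IDs >= 256 are data sets, named by template ID
PCAP_FILE_HEADER = 24      # libpcap global header, bytes
PCAP_RECORD_HEADER = 16    # libpcap per-packet header, bytes

# IANA IPFIX information elements used here: (elementId, length in bytes)
OCTET_DELTA_COUNT = (1, 8)
PACKET_DELTA_COUNT = (2, 8)
PROTOCOL_IDENTIFIER = (4, 1)
SOURCE_TRANSPORT_PORT = (7, 2)
SOURCE_IPV4_ADDRESS = (8, 4)
DESTINATION_TRANSPORT_PORT = (11, 2)
DESTINATION_IPV4_ADDRESS = (12, 4)
IPV4_IES = {SOURCE_IPV4_ADDRESS[0], DESTINATION_IPV4_ADDRESS[0]}

# A network-layer template. An adaptive exporter would swap in a richer
# template (more information elements) when a flow warrants it.
FLOW_TEMPLATE = [SOURCE_IPV4_ADDRESS, DESTINATION_IPV4_ADDRESS,
                 SOURCE_TRANSPORT_PORT, DESTINATION_TRANSPORT_PORT,
                 PROTOCOL_IDENTIFIER, PACKET_DELTA_COUNT, OCTET_DELTA_COUNT]

# Constructed sample flows: (src, dst, sport, dport, proto, packets, octets)
FLOWS = [
    ("10.0.0.5", "198.51.100.20", 51234, 443, 6, 1800, 1_950_000),
    ("10.0.0.7", "203.0.113.9", 40211, 53, 17, 2, 180),
    ("10.0.0.5", "203.0.113.77", 51240, 8443, 6, 420, 61_000),
]


def encode_template(template_id, fields):
    """Template set: set header, then templateId, fieldCount, (ieId, len)..."""
    body = struct.pack("!HH", template_id, len(fields))
    body += b"".join(struct.pack("!HH", ie, ln) for ie, ln in fields)
    return struct.pack("!HH", TEMPLATE_SET_ID, 4 + len(body)) + body


def encode_field(ie, length, value):
    """IPv4 addresses are sent as 4 raw octets, everything else big-endian."""
    if ie in IPV4_IES:
        return socket.inet_aton(value)
    return int(value).to_bytes(length, "big")


def encode_message(template_id, fields, flows, seq=0, domain=1, export_time=0):
    """One IPFIX message: 16-byte header, template set, then one data set."""
    data = b"".join(
        b"".join(encode_field(ie, ln, v) for (ie, ln), v in zip(fields, flow))
        for flow in flows)
    data_set = struct.pack("!HH", template_id, 4 + len(data)) + data
    sets = encode_template(template_id, fields) + data_set
    header = struct.pack("!HHIII", IPFIX_VERSION, 16 + len(sets),
                         export_time, seq, domain)
    return header + sets


def decode_message(msg):
    """Collector side: learn templates from set 2, decode data sets by template."""
    version, length, _t, _seq, _dom = struct.unpack("!HHIII", msg[:16])
    assert version == IPFIX_VERSION and length == len(msg), "bad IPFIX header"
    templates, records, pos = {}, [], 16
    while pos < length:
        set_id, set_len = struct.unpack("!HH", msg[pos:pos + 4])
        body, pos = msg[pos + 4:pos + set_len], pos + set_len
        if set_id == TEMPLATE_SET_ID:
            tid, count = struct.unpack("!HH", body[:4])
            templates[tid] = [struct.unpack("!HH", body[4 + 4 * i:8 + 4 * i])
                              for i in range(count)]
        elif set_id >= MIN_DATA_SET_ID and set_id in templates:
            fields = templates[set_id]
            rec_len = sum(ln for _, ln in fields)
            off = 0
            while off + rec_len <= len(body):   # leftover bytes are padding
                rec, off = body[off:off + rec_len], off + rec_len
                values, f = [], 0
                for ie, ln in fields:
                    chunk, f = rec[f:f + ln], f + ln
                    values.append(socket.inet_ntoa(chunk) if ie in IPV4_IES
                                  else int.from_bytes(chunk, "big"))
                records.append(tuple(values))
    return templates, records


def pcap_bytes(flows):
    """Size the same traffic would occupy as a full-packet libpcap file."""
    return PCAP_FILE_HEADER + sum(pkts * PCAP_RECORD_HEADER + octets
                                  for *_, pkts, octets in flows)


def reduction(flows, template_id=256, fields=FLOW_TEMPLATE):
    """Fraction of capture volume saved by exporting IPFIX instead of PCAP."""
    return 1 - len(encode_message(template_id, fields, flows)) / pcap_bytes(flows)


if __name__ == "__main__":
    msg = encode_message(256, FLOW_TEMPLATE, FLOWS)
    templates, records = decode_message(msg)
    print(len(msg), "bytes of IPFIX vs", pcap_bytes(FLOWS), "bytes of PCAP")
    print(f"reduction {reduction(FLOWS):.4%}")
    for r in records:
        print(r)
```

Two points the code makes that the prose does not. First, the collector cannot interpret a data set until it has seen the template with that ID, which is why an adaptive exporter that changes templates must re-send them (RFC 7011 has exporters resend templates periodically for this reason). Second, the saving is dominated by the per-packet payload that is never exported: each of the three flows costs 29 bytes regardless of how many packets it carried, so the reduction grows with flow size and a figure such as 97% depends entirely on the traffic mix.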




BotProbe can be incorporated into any threat intelligence framework to protect internal infrastructures
An established ISO 27001 incident response process can use BotProbe for efficient data capture
A single capture device on a Gigabit network backbone can capture over 10 Terabytes of PCAP data a day.