Making Threat Big Data Manageable

Threat intelligence is a big data challenge. Data volumes from traffic capture alone can be huge. A single sensor on a Gigabit network backbone has the potential to capture over 10 Terabytes of PCAP data a day.

BotProbe uses IPFIX to capture only the network and application layer threat intelligence data that matters; resulting in up to a 97% reduction in data volumes over similar PCAP capture.

 BIG DATA   noun [U]:

high-volume, high-velocity, high-variety information assets that demand cost-effective, innovative forms of information processing that enable enhanced insight, decision making, and process automation. (Gartner, 2017)

BotProbe means:

• Faster reaction time to threats;

  Data capture tuning means your SOC team analysing only the relevant threat data during an on-going incident, threats can be detected earlier, minimising threat exposure and protecting business assets and reputation

• Reduction in data storage volumes;

  Focused traffic capture and storage means it is now efficient to capture pre-attack forensics traffic or evidence required for legal interception

• Software probes replace SPAN and mirroring;

  Replacing traditional traffic capture mirroring techniques with software probes also means flexibility, where probes can be installed on any end-device, be it an IoT sensor, PC, server, hypervisor, switch or router

• Adaptive data capture;

  A machine learning algorithm at the heart of BotProbe adapts the IPFIX capture templates in real-time to ensure optimum data content capture

Download our IPFIX primer