Threat intelligence is a big data challenge. A single capture device on a Gigabit network backbone has the potential to capture over 100 terabytes of PCAP data a day.
Capture data not only requires storage, but must also be analysed. Reducing the volume of data to analyse means SOC analyst teams can be more efficient, understanding the threat and mitigating it more quickly, thereby protecting business assets and reputation.
An AI engine adapts traffic capture templates in real time to collect only the network and application threat intelligence data that matters, resulting in a reduction in data volumes of up to 97% compared with PCAP capture.
Port mirroring is replaced with software probes, which can be installed on any end device, be it an IoT sensor, PC, server, hypervisor, switch or router.