“Whilst having lots of data really helps in cyber threat detection, having the right data is more important.”

– Dr. Mark Graham (Co-founder)

What makes us different

The challenge at the heart of network-based security is how to efficiently analyse so much data, in such a short time period.

To do this in a smart home network you either need a powerful device to perform analysis in real-time (which is expensive), or you need to transport all the network traffic back to the corporate network for analysis (which is also expensive).

At the core of Botprobe’s technology are powerful data-capture algorithms that capture only the traffic needed for security analysis, and nothing else. Our intelligent AI-based algorithms mean that we are able to discard about 95% of the traffic that hinders other data capture methods.

To achieve this, Botprobe does three things:


01/ Reduce

Our innovative technology reduces the data volume sent for analysis by up to 95% when compared with traditional capture methods, without losing the all-important context of the threat conversation.

02/ Structure

Botprobe introduces structure to unstructured network traffic at the point of capture, meaning we can feed network traffic into any analysis engine, such as a SIEM.

03/ Simplify

By simplifying the detection process right at the start (at data capture), simplicity can be maintained throughout the entire process.

LESS CPU

GREATER ACCURACY

FASTER

Our Vision

We believe that anyone with smart IP-enabled IoT devices in their infrastructure (whether that is corporate industry or smart home networks) should have access to simple, affordable and effective protection against malicious software and hackers.

Selective Capture: Explained

If you are looking for 10-year-old Dave, who was last seen as a passenger in a red car, do you stop and search every car, or do you just stop the red cars to see what the passengers look like?

Today, deeply embedded in threat detection is FOMO (Fear-Of-Missing-Out). Traffic capture tools suck up every field, in every packet, of the entire network traffic stream, just in case ‘something’ is needed later. This is hugely inefficient in terms of resource, storage and analysis time. Some tools improve this by filtering down what is captured on a per-protocol basis.

Botprobe is different. We turn full Packet Capture (PCAP) into selective Field Capture (FCAP), thus allowing us to remove around 95% of the data that is unnecessarily analysed during cyber threat detection.

The detection of most malicious activity can be reduced to a core set of indicator fields. Take for example the 10,000s of rules available to Intrusion Detection Systems – how many different fields within this core set of IDS analysed protocols are actually used in these rules?

By extracting only the threat related parameters and fields from the traffic flow, Botprobe discards around 95% of surplus data, whilst retaining the essential threat conversation context.

Interested in licensing our technology? Contact us at info@botprobe.co.uk

The Techy Bit

Technical features:

  • significant reduction of network traffic volumes (up to 95%)
  • adaptive and selective, per protocol, field-by-field extraction (FCAP)
  • stream aggregation, when possible
  • obfuscated, efficient transportation of captured traffic to analyser
  • output to any analysis tool – SIEM, flow collectors, etc.
  • small-footprint software optimised to run on low-specification CPU devices for real-time capture
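To make the idea behind “Selective Capture: Explained” and the feature list above concrete, here is an added Python example of field-level capture (FCAP) over raw packets. It is illustrative code written for this page, not Botprobe’s software: the per-protocol field sets, the JSON record format, the flow aggregation rule and the four sample packets are all constructed assumptions, and the byte reduction it reports depends entirely on that sample traffic mix rather than on any figure the page states. It parses IPv4, UDP, TCP and DNS-query headers directly from bytes, keeps only the whitelisted fields for each protocol while preserving the flow 5-tuple (the conversation context), aggregates packets of the same flow into one record, and emits structured JSON lines that a SIEM or flow collector could ingest.

```python
import json
import struct

# Per-protocol field whitelists (constructed for this example; the page does not publish
# Botprobe's field sets). "flow" is the fallback for protocols without a dedicated set.
FIELD_SETS = {
    "dns":  ["src_ip", "dst_ip", "src_port", "dst_port", "qname", "qtype"],
    "tcp":  ["src_ip", "dst_ip", "src_port", "dst_port", "flags"],
    "flow": ["src_ip", "dst_ip", "src_port", "dst_port"],
}

# --- parsers: pull only the fields we need straight out of the bytes -------------------
def parse_ipv4(pkt):
    ihl = (pkt[0] & 0x0F) * 4                      # header length in bytes
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    return {"src_ip": src, "dst_ip": dst}, pkt[9], pkt[ihl:]   # fields, protocol, L4 bytes

def parse_udp(seg):
    sport, dport, _length, _csum = struct.unpack("!HHHH", seg[:8])
    return {"src_port": sport, "dst_port": dport}, seg[8:]

def parse_tcp(seg):
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", seg[:14])
    data_off = (off_flags >> 12) * 4
    return {"src_port": sport, "dst_port": dport, "flags": off_flags & 0x1FF}, seg[data_off:]

def parse_dns_query(payload):
    """Return the first question's name and type; everything else in the message is dropped."""
    pos, labels = 12, []                           # skip the 12-byte DNS header
    while payload[pos] != 0:
        ln = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + ln].decode("ascii"))
        pos += 1 + ln
    qtype = struct.unpack("!H", payload[pos + 1:pos + 3])[0]
    return {"qname": ".".join(labels), "qtype": qtype}

# --- selective field capture -----------------------------------------------------------
def field_capture(pkt):
    """Turn one raw IPv4 packet into a record holding only its whitelisted fields."""
    fields, proto, rest = parse_ipv4(pkt)
    name = "flow"
    if proto == 17:                                # UDP
        l4, payload = parse_udp(rest)
        fields.update(l4)
        if 53 in (l4["src_port"], l4["dst_port"]):
            fields.update(parse_dns_query(payload))
            name = "dns"
    elif proto == 6:                               # TCP: headers only, payload discarded
        l4, _payload = parse_tcp(rest)
        fields.update(l4)
        name = "tcp"
    record = {"proto": name}
    record.update({k: fields[k] for k in FIELD_SETS[name] if k in fields})
    return record

def flow_key(rec):
    return (rec["proto"], rec["src_ip"], rec["dst_ip"], rec.get("src_port"), rec.get("dst_port"))

def aggregate(records):
    """Stream aggregation: one record per flow, with a packet count and the OR of TCP flags seen."""
    flows = {}
    for rec in records:
        agg = flows.setdefault(flow_key(rec), dict(rec, packets=0))
        agg["packets"] += 1
        if "flags" in rec:
            agg["flags"] |= rec["flags"]
    return list(flows.values())

def fcap_stream(packets):
    """Run FCAP over a packet list; return (flow records, raw PCAP bytes, FCAP output bytes)."""
    records = aggregate(field_capture(p) for p in packets)
    pcap_bytes = sum(len(p) for p in packets)
    fcap_bytes = sum(len(json.dumps(r, separators=(",", ":"))) for r in records)
    return records, pcap_bytes, fcap_bytes

# --- constructed sample traffic (builders mirror the parsers above) ----------------------
def build_ipv4(proto, src, dst, payload):
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0, 64, proto, 0, src_b, dst_b) + payload

def build_udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def build_tcp(sport, dport, flags, payload):
    return struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | flags, 65535, 0, 0) + payload

def build_dns_query(name, qtype=1):
    header = struct.pack("!HHHHHH", 0xBEEF, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def constructed_sample():
    """Four constructed packets: one DNS query and a three-packet TCP exchange from the same host."""
    dns = build_ipv4(17, "192.168.1.20", "192.168.1.1",
                     build_udp(51000, 53, build_dns_query("update.example-iot.local")))
    syn = build_ipv4(6, "192.168.1.20", "203.0.113.10", build_tcp(40000, 443, 0x02, b""))
    ack = build_ipv4(6, "192.168.1.20", "203.0.113.10", build_tcp(40000, 443, 0x10, b""))
    data = build_ipv4(6, "192.168.1.20", "203.0.113.10",
                      build_tcp(40000, 443, 0x18, b"\x17\x03\x03" + bytes(1397)))  # 1400-byte TLS-like payload
    return [dns, syn, ack, data]

if __name__ == "__main__":
    records, pcap_bytes, fcap_bytes = fcap_stream(constructed_sample())
    for rec in records:
        print(json.dumps(rec))                     # one JSON line per flow, ready for a SIEM
    print(f"PCAP {pcap_bytes} bytes -> FCAP {fcap_bytes} bytes "
          f"({100 * (1 - fcap_bytes / pcap_bytes):.0f}% reduction on this sample)")
```

The reduction comes from two places the page describes: payload bytes are never copied (only header fields the rules need are kept), and the three TCP packets collapse into one flow record. The trade-off is deliberate and should be stated when deploying such a scheme: any detection that needs a field outside the whitelist (a TLS SNI, an HTTP header) will be blind until that field is added to the protocol’s set, so the field sets have to be maintained alongside the detection rules they serve.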

Technical benefits:

95% reduction in data capture volumes means:

  • faster detection – security analysts and detection tools spend less time preparing data and more time hunting for threats
  • increased accuracy – more efficient detection rules mean fewer false positives
  • lower hardware costs – our software is optimised for lower-powered devices, thereby reducing the cost of hardware

To learn more about our technology contact us directly at info@botprobe.co.uk