Field Capture (FCAP)
You are looking for someone with brown hair, wearing a white T-shirt, last seen in a red car.
Do you stop all cars to look at every single passenger or just red cars?
Effective cyber threat detection involves locating the tiniest of signals indicating malicious behaviour. In a network, these signals become lost in Terabytes of background noise.
Today, deeply embedded in threat detection is Fear-Of-Missing-Out (FOMO). Traffic capture tools suck up every field in every packet of the entire network traffic stream. Just incase ‘something’ is needed later. This generates inefficiencies in resources, storage and analysis time.
Botprobe takes a different approach. We don’t use full Packet Capture (PCAP) which captures all traffic – akin to looking inside every car.
Instead, we have developed adaptive Field Capture (FCAP). Our powerful AI-driven data capture algorithms target only the Indicators-of-Compromise parameters needed for threat detection – looking only inside the red cars. FCAP dynamically alters which IOC fields are captured, adapting as a threat profile evolves.
Adaptive FCAP has several advantages:
- Data volumes can be reduced by over 95%
- Less data needs transporting to a SOC
- Captured data is clean and structured
- SIEMs can ingest network traffic
Reducing the volumes of captured data means our probes can run on low power hardware. So scaling our technology over large estates is cost-effective. With fewer data points to analyse, our threat analysis tools are faster, more efficient and smarter.
- significant reduction of network traffic volumes (up to 95%)
- adaptive and selective, per protocol, field-by-field extraction (FCAP)
- stream aggregation, when possible
- obfuscated, efficient transportation of captured traffic to analyser
- output to any analysis tool – SIEM, flow collectors, etc.
- small footprint software optimised to run on low-specification devices
95% reduction in data capture volumes means
- faster detection – security analysts and detection tools spend less time preparing data and more time hunting for threats
- increased accuracy – more efficient detection rules means less false positives
- lower hardware costs – our software is optimised for lower-powered devices, thereby reducing cost of hardware