Skip to main content
Home Home

Main navigation

  • PRODUCT
  • Solutions
    • Law
    • Government
    • Enterprise
    • Infrastructure
    • ACADEMIA/RESEARCH
    • FINANCIAL INDUSTRY
    • MEDICAL
    • SCADA/ICS SYSTEMS
  • Use Cases
  • Technology
    • Machine Learning
    • 10x Richer than Netflow
    • IoT, BYOD, and Shadow IT
    • Network Traffic Analysis
    • SCADA/ICS Systems
  • Company
    • About Us
    • Become a Partner
    • Current Partners
    • Support
  • Blog
  • Demo
  • en

Network Traffic Analysis

Detect the Unknown

Unknown Advanced Persistent Threats (APTs) pose an increasing risk to networks worldwide. They bypass existing security tools and stay hidden for several weeks. They strike when the time is right - inflicting hundreds of billions of dollars of damage, or worse.

They may be in your network, but your existing security tools are not be able to detect them.

Network Traffic Analysis (NTA) is an effective tool to detect APTs before they can do damage to your network. NTA uses a combination of artificial intelligence, machine learning, rich network traffic metadata, and content inspection to detect threats. NTA monitors network communications between devices on the network, as well as those coming into and going out of the network, to identify possible threats.  

Network Traffic Analysis secures the network:

  • Monitors network traffic to detect threats
  • Detects unknown threats by what they do,
    in real time
  • Risks are identified before damage can occur
  • Offers full visibility for every single device, single host, single subnet on the network,
    and their communications up to L7
  • Effective on SCADA networks 

 

 

APTs easily bypass your existing
security tools

APTs exploit the gaps in existing security tools. Rule-based security tools - like firewalls and intrusion detection systems must know a threat before it can be detected. APTs are unknown; which means APTs can evade these tools. APTs also bypass sandboxes, infect IoT and BYOD devices; where endpoint security cannot be installed, and attack SCADA networks. Log management solutions like SIEMs are difficult to deploy, analyze events after the fact, and generate high levels of false positives. Security solutions which rely heavily on NetFlow and/or IPFIX protocols are also ineffective against APTs, because these data protocols lack sufficiently detailed network traffic metadata for effective security.

Advanced Persistent Threats
MENDEL Network Traffic Analysis

MENDEL's Network Traffic Analysis detects threats by what they do

APTs must take action to accomplish their mission; like infecting other devices, downloading TOR, scanning for open ports, or communicating with a command and control server, etc. These actions create communications traffic within the network which is anomalous to “normal” network traffic. MENDEL uses advanced Network Traffic Analysis to detect these anomalous actions as they happen, allowing the security team to block offending communications, identify other infected devices within the network, and capture communications for further research. MENDEL can monitor the full network - including connected IoT and BYOD devices - via mirrored network traffic at the core switch; detecting advanced, unknown attacks across the entire network in real time, without the need to rely only on rules alone, profile a particular area, or analyze event logs. You don't need to know where an attack will strike before it does, or spend time in analysis
after it happens.

 

 

More than just detection

Network Traffic Analysis also means MENDEL can offer not just advanced detection of unknown threats, but also visibility into individual devices, hosts, subnets, and services (including Layer 7) communicating on the network, with deep packet inspection for every device, including IoT and BYOD devices where an endpoint client can't be installed. Because anomalous events effect network performance, MENDEL is able to monitor network performance. 

Finally, MENDEL applies Network Traffic Analysis to not just traditional IT networks. SCADA/ICS networks, which are an increasing source of attack, can be protected with MENDEL's unique
analysis features. 

full network visiblity and performance management

Product

  • MENDEL 

Company

  • About
  • Career CZ
  • Support
  • Blog

Contact

GREYCORTEX s.r.o.
Purkynova 127
612 00 Brno
Czech Republic

+420 511 205 216

email:info@greycortex.com

 

 

Stay in touch

  • Twitter GreyCortex
  • LinkedIn GreyCortex
  • YouTube GreyCortex
Copyright GREYCORTEX s.r.o. 2019, all rights reserved