Efficient Traffic Intelligence
Independent, best-in-class traffic intelligence technology
Configuration and Management
• NETCONF API
• Multi-tenant Centralized Management Console for configuration and status information
As cyber attacks become increasingly sophisticated, effective threat analytics requires input with a higher level of accuracy and detail. A DPI sensor provides granular, context-rich traffic visibility, strengthening and streamlining existing SIEM and threat hunting platforms.
The Qosmos Probe DPI sensor is a flexible, cost-effective alternative to pre-integrated, proprietary DPI sensors. Added to existing cybersecurity operations, it constitutes an essential building block for threat detection and reinforces protection through the creation of a tailor-made security system with capabilities unknown to attackers.
The Qosmos Probe passively captures packets at high throughput, detecting applications, parsing protocols, and extracting traffic metadata. Traffic metadata is used to contextualize alerts, which reduces the number of false positives, and allows analysts to carry out more efficient investigations, resulting in faster remediation.
• Alerts based on traditional log/application information are enriched with detailed protocol and metadata information. This context-rich data allows faster and more accurate investigations and significantly reduces the number of false positives.
• The Qosmos Probe only stores traffic metadata (sender, receiver, device type, file type, etc.), discarding irrelevant content, such as video. Forensic storage is reduced by up to 150x compared to full packet capture.
• Delivered as a software component, the Qosmos Probe can be used in virtualized, physical and hybrid infrastructures.
• Regular updates ensure recognition of the latest protocols, and special techniques also allow accurate classification of encrypted traffic.
Cost-effective and flexible alternative to proprietary sensors associated with specific security solutions
Reduces size of forensic storage by up to 150x compared to full packet capture
Improved Threat Hunting
Brings new capabilities that pinpoint key data and decrease false positives
Provides a step function improvement in alert contextualization
Proven Technology
Based on Qosmos ixEngine®, the most widely deployed DPI software in cybersecurity
Best-in-class Classification and Metadata Extraction
3200+ protocols classified and 5000 application metadata extracted
Unique real-time Deep File Inspection capabilities
Precise end point identification (device, IP, user, domain name, etc.)
Protocol metadata specific to cybersecurity requirements
Powerful Flow Processing
Scales to nx10 Gbps of traffic per probe
Classification of traffic encapsulated into all types of tunnels (GTP, GRE, PPPoE, etc.)
Key Facts
Application Datasheet
Standalone, Best-in-Class Traffic Intelligence based on Protocol & Metadata Information
Qosmos Probe as a DPI Sensor for Cyber Threat Hunting
Example of Qosmos Probe DPI Sensor in a SOC Architecture
Enea develops network software for the connected society, supplying solutions for mobile traffic optimization, subscriber data management, network virtualization, traffic classification, embedded operating systems, and professional services. More than 3 billion people around the globe rely on our technologies in their daily lives. Enea’s leading DPI-based IP traffic classification and network intelligence software is embedded by vendors and integrators into their products sold to telcos, cloud service providers and enterprises. For more information on Enea’s Qosmos Probe or Qosmos DPI technology: www.qosmos.com.