CYBERSECURITY USE CASE

Extended Detection and Response (XDR)

High Quality Data and Unique Insights for Superior Anomaly Detection

Strengthen your XDR system with high quality data and unique insights

With increasingly distributed networks, many organizations have adopted Zero Trust Network Access (ZTNA) solutions to strengthen security and reduce their attack surface. This is an important step forward, but a zero-trust posture still cannot provide 100% protection against advanced threats, especially those developed by nation-state actors and sophisticated criminal rings.

For these types of advanced threats, many enterprises are complementing ZTNA and other security solutions with Extended Detection and Response (XDR) systems. XDR systems use behavioral analytics to detect anomalous patterns indicative of an advanced attack. This behavioral analysis is performed on large volumes of enterprise-wide user, device and network traffic data, with rules for the actions to be taken to mitigate potential attacks.

The results of this analysis and the effectiveness of the XDR system depend on the information that is made available to it. The more accurate and precise the data fed to the XDR system, the more reliable and successful the detection of the threats.

ENEA QOSMOS TECHNOLOGY

The Data Foundation for XDR

  • Identifies 4000 protocols and applications
  • Delivers 5600 types of metadata
  • Classifies encrypted and evasive traffic
  • Indicates anomalous behaviors

Enea Qosmos Next-Generation DPI Technology: The Data Foundation for XDR

Enea Qosmos Technology Inside XDR

XDR comprises two main functions: Network Detection & Response (NDR) and Endpoint Detection & Response (EDR). As the names suggest, the main role of NDR is to detect and prevent intrusion of the network as a whole, while the goal of EDR is to stop intrusion at the endpoint (e.g., through anti-virus solutions).

Both NDR and EDR use a combination of trusted technologies:
  1. Intrusion Detection/Intrusion Prevention Systems (IDS/IPS) for NDR, and
  2. Endpoint Protection (EPP) for EDR, to detect primarily known threats; and
  3. Machine-learning-enhanced behavioral analysis based on Advanced Anomaly Detection (AAD) to identify unknown or hidden threats that have evaded these systems.

Enea Qosmos technology not only identifies and classifies network traffic, but also provides highly detailed and accurate information on each flow. It is used as a data foundation to support AAD in both NDR and EDR, and to enhance existing rule-based detection capabilities within IDS and EPP components.

Enea Qosmos Deep Packet Inspection Technology Inside XDR

Enea Qosmos: Granular Insights for XDR Solutions

Enea’s embedded next-generation Deep Packet Inspection engine, Qosmos ixEngine®, delivers the data that fuels advanced analytics within XDR solutions. It passively and non-intrusively inspects and analyzes raw telemetry data (rather than logs) to provide detailed, highly accurate data about the protocols, applications, services, users, files, flow characteristics and devices associated with traffic flows.

  • In Endpoint Protection (EPP), Qosmos ixEngine supports better rule-based threat detection by delivering important contextual data including device ID, device profile, location, time, and info to compute application risk posture.
  • In Advanced Anomaly Detection (AAD), data from Qosmos ixEngine is used to:
    1. Build reliable models of normal behavior to detect future anomalies
    2. Accurately determine which abnormalities represent threats
    3. Rapidly qualify these threats and IPS alerts using contextual data
    4. Develop effective rules in response to these assessments
  • In Suricata IDS/IPS, Qosmos ixEngine enables the development of expanded whitelists and blacklists, safeguards visibility with classification of encrypted traffic, reduces false positive alerts, and significantly improves Suricata’s ability to detect anomalous and evasive traffic.
  • For the XDR platform as a whole, the contextual metadata provided by Qosmos ixEngine makes threat analysis and forensics much faster and easier (while simultaneously reducing the need for full packet capture).
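The AAD steps listed above (baseline, decide, qualify) are easier to see on concrete records. The following is an added example, not Enea's or Qosmos ixEngine's code, and it does not use the ixEngine API. It assumes a constructed per-flow metadata feed with a device identifier, an application label, the carrying protocol, an encryption flag and an outbound byte count, which stands in for the kind of contextual fields a DPI engine exports. It builds a per-device, per-application model of normal volume and encryption use (step 1), scores new flows against it (step 2), and attaches the context an analyst needs to qualify the alert (step 3); the rule-development step is left to the platform.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    src: str          # device identifier (constructed)
    app: str          # application label as a DPI engine would classify it
    protocol: str     # carrying protocol
    encrypted: bool   # whether the payload was encrypted
    bytes_out: int    # bytes sent by src in this flow


# Constructed training window standing in for a DPI metadata feed:
# two workstations, each with a stable pattern of application use.
BASELINE_FLOWS = (
    [Flow("ws-01", "office365", "https", True, 4_000 + i * 100) for i in range(20)]
    + [Flow("ws-01", "dns", "dns", False, 120 + (i % 3) * 10) for i in range(20)]
    + [Flow("ws-02", "office365", "https", True, 3_500 + i * 120) for i in range(20)]
)


def build_baseline(flows):
    """Step 1: per (device, app) model of normal volume and encryption use."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f.src, f.app)].append(f)
    model = {}
    for key, fs in groups.items():
        sizes = [f.bytes_out for f in fs]
        model[key] = {
            "mu": mean(sizes),
            "sigma": pstdev(sizes),
            # majority vote on whether this app is normally encrypted
            "encrypted": sum(f.encrypted for f in fs) / len(fs) > 0.5,
        }
    return model


def zscore(flow, model):
    """Distance of this flow's volume from the device/app norm, in std devs."""
    entry = model.get((flow.src, flow.app))
    if entry is None:
        return None  # no model: this device has never used this app
    if entry["sigma"] == 0:
        return 0.0 if flow.bytes_out == entry["mu"] else float("inf")
    return (flow.bytes_out - entry["mu"]) / entry["sigma"]


def qualify(flow, model, threshold=3.0):
    """Steps 2-3: keep only deviations worth an alert and attach the context
    an analyst needs; returns None when the flow is within baseline."""
    reasons = []
    z = zscore(flow, model)
    if z is None:
        reasons.append("new application for this device")
    elif abs(z) > threshold:
        reasons.append(f"bytes_out z-score {z:.1f} exceeds {threshold}")
    entry = model.get((flow.src, flow.app))
    if entry is not None and entry["encrypted"] and not flow.encrypted:
        reasons.append("plaintext where this app is normally encrypted")
    if not reasons:
        return None
    return {
        "device": flow.src,
        "app": flow.app,
        "protocol": flow.protocol,
        "severity": "high" if len(reasons) > 1 else "medium",
        "reasons": reasons,
    }


if __name__ == "__main__":
    model = build_baseline(BASELINE_FLOWS)
    # Constructed live flows: one normal, one oversized, one from a never-seen app.
    for live in (
        Flow("ws-01", "office365", "https", True, 5_000),
        Flow("ws-01", "office365", "https", True, 9_000),
        Flow("ws-02", "dns", "dns", False, 130),
    ):
        print(live.src, live.app, qualify(live, model))
```

The model is keyed on (device, application) rather than on raw port or IP, which is the point of feeding classified metadata to AAD: a device's first use of an application is itself a signal, and a volume outlier is reported together with the protocol and encryption context so the analyst can qualify it without pulling a full packet capture. Two independent reasons on one flow raise the severity, which is a simple stand-in for the rule-development step.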

Qosmos ixEngine Benefits for XDR

Global Network Visibility

  • Gain real-time L2-to-L7 visibility over network traffic across mobile, cloud, on-premise equipment, IoT devices, applications and containers.
  • Achieve visibility into encrypted traffic with fine grained and contextualized metadata and statistics that can profile and classify data packets without decryption.

Critical Efficiency

  • Save valuable SOC staff time (and frustration) by excluding low- or no-value data and better qualifying and funneling alerts.
  • Dramatically reduce data storage requirements by excluding safe traffic and reducing the need for full packet capture to support forensics. 

Maximum Agility

  • Rapidly deploy (or re-deploy) sensors as needed across continuously evolving network environments.
  • Leverage protocols, metadata, behavioral baselining and analytics to surface new, hard-to-detect threats moving laterally across your network.
  • Gain the speed and flexibility needed to secure and manage forthcoming 5G mobile networks.

APPLICATION DATASHEET

Qosmos Probe for Advanced Network Detection and Response Solutions

Industry Recognition

  • Enea Qosmos wins Gold in the 2021 InfoSec Award
  • Enea Qosmos wins Gold in the 2022 Cybersecurity Excellence Awards
  • Enea Qosmos ixEngine is a winner of the 2022 Cloud Computing Product of the Year Award

DATASHEET

Qosmos ixEngine: Next-Generation DPI for Maximum Traffic Visibility

ON-DEMAND WEBINAR

How to Use Network Detection & Response (NDR) to Mitigate the Inevitable Breach