Cybersecurity Use Case

Threat Hunting & Forensics

Improve Threat Detection while Reducing Data Volumes

Boost your SIEM and threat hunting platforms with detailed traffic visibility

As cyber attacks become increasingly sophisticated, effective threat analytics requires accurate and detailed input from different sources. One key source of information is the network traffic itself. Detailed, context-rich traffic visibility strengthens and streamlines existing SIEM and threat hunting platforms.

Integrated as a separate building block, a Deep Packet Inspection (DPI) sensor reinforces protection through the creation of a tailor-made security system with capabilities unknown to attackers.

Qosmos Probe: An Advanced DPI Sensor

The Qosmos Probe provides detailed visibility of network traffic, bringing new capabilities to cybersecurity solutions by pinpointing key data to improve the accuracy of threat detection. Delivered as a cost-effective DPI-based sensor, it can be used to strengthen and streamline existing SIEM and threat hunting platforms.

The Qosmos Probe is a flexible alternative to pre-integrated, proprietary DPI sensors. It constitutes an essential building block of robust protection with capabilities unknown to attackers.

The Qosmos Probe passively captures packets at high throughput, detecting applications, parsing protocols, and extracting traffic metadata. Traffic metadata is used to contextualize alerts, which reduces the number of false positives, and allows analysts to carry out more efficient investigations, resulting in faster remediation.

Benefits of the Qosmos Probe

  • Alerts based on traditional log/application information are enriched with detailed protocol and metadata information. This context-rich data allows faster and more accurate investigations.
  • The Qosmos Probe only stores traffic metadata (sender, receiver, device type, file type, etc.), discarding irrelevant content, such as video. Forensic storage is reduced by up to 150x compared to full packet capture.
  • Delivered as a software component, the Qosmos Probe can be used in virtualized, physical and hybrid infrastructures.
  • The Qosmos Probe is based on Qosmos ixEngine®, the most widely deployed DPI software in cybersecurity.

Industry Recognition

  • Enea's Qosmos ixEngine wins Cyber Defense Magazine 2023 Global Infosec Award
  • Enea Qosmos wins Gold in the 2023 Cybersecurity Excellence Awards
  • Enea's next-generation DPI engine, Qosmos ixEngine, is a winner of the 2022 Cloud Computing Product of the Year Award

DATASHEET

Qosmos Probe: A Network Traffic Sensor with Next Generation DPI

VIDEO

Using Cyber Sensors to Detect Advanced Threats – Case Study: Sunburst Attack via Solarwinds

VIDEO

6-Minute Video on DPI Sensors for Cyber Threat Hunting

SOLUTION BRIEF

Jump-start IDS Development and Boost Threat Detection Performance with Qosmos Threat Detection SDK

Redefining Performance and Time-to-Market for Intrusion Detection Systems (IDS) with Enea Qosmos Threat Detection SDK

CASE STUDY

MSSP Differentiates Offer with Qosmos-Powered NTA

DATASHEET

Qosmos Probe as a DPI Sensor for Cyber Threat Hunting
