Improve Threat Detection while Reducing Data Volumes
As cyber attacks become increasingly sophisticated, effective threat analytics requires accurate and detailed input from different sources. One key source of information is the network traffic itself. Detailed, context-rich traffic visibility strengthens and streamlines existing SIEM and threat hunting platforms.
Integrated as a separate building block, a Deep Packet Inspection (DPI) sensor reinforces protection through the creation of a tailored-made security system with capabilities unknown to attackers.
Qosmos Probe: An Advanced DPI Sensor
The Qosmos Probe provides detailed visibility of network traffic, bringing new capabilities to cybersecurity solutions by pinpointing key data to improve the accuracy of threat detection. Delivered as a cost-effective DPI-based sensor, it can be used to strengthen and streamline existing SIEM and threat hunting platforms.
The Qosmos Probe is a flexible alternative to pre-integrated, proprietary DPI sensors. It constitutes an essential building block of a robust protection with capabilities unknown to attackers.
The Qosmos Probe passively captures packets at high throughput, detecting applications, parsing protocols, and extracting traffic metadata. Traffic metadata is used to contextualize alerts, which reduces the number of false positives, and allows analysts to carry out more efficient investigations, resulting in faster remediation.
Benefits of the Qosmos Probe
- Alerts based on traditional log/application information are enriched with detailed protocol and metadata information and this context-rich data allows faster and more accurate investigations.
- The Qosmos Probe only stores traffic metadata (sender, receiver, device type, file type, etc.), discarding irrelevant content, such as video. Forensic storage is reduced by up to 150x compared to full packet capture.
- Delivered as a software component, the Qosmos Probe can be used in virtualized, physical and hybrid infrastructures.
- The Qosmos Probe is based on Qosmos ixEngine®, the most widely deployed DPI software in cybersecurity.