Improve Threat Detection while Reducing Data Volumes
As cyber attacks become increasingly sophisticated, effective threat analytics requires accurate and detailed input from different sources. One key source of information is the network traffic itself. Detailed, context-rich traffic visibility strengthens and streamlines existing SIEM and threat hunting platforms.
Integrated as a separate building block, a Deep Packet Inspection (DPI) sensor reinforces protection through the creation of a tailored-made security system with capabilities unknown to attackers.
Enea Qosmos Probe
An Advanced DPI Sensor to Boost SIEM and Threat Hunting
The Enea Qosmos Probe provides detailed visibility of network traffic, bringing new capabilities to cybersecurity solutions by pinpointing key data to improve the accuracy of threat detection. Delivered as a cost-effective DPI-based sensor, it can be used to strengthen and streamline existing SIEM and threat hunting platforms.
The Enea Qosmos Probe is a flexible alternative to pre-integrated, proprietary DPI sensors. It constitutes an essential building block of a robust protection with capabilities unknown to attackers.
The Enea Qosmos Probe passively captures packets at high throughput, detecting applications, parsing protocols, and extracting traffic metadata. Traffic metadata is used to contextualize alerts, which reduces the number of false positives, and allows analysts to carry out more efficient investigations, resulting in faster remediation.
Benefits of the Enea Qosmos Probe
Next-Gen DPI for Threat Hunting & Forensics
- Alerts based on traditional log/application information are enriched with detailed protocol and metadata information and this context-rich data allows faster and more accurate investigations.
- The Enea Qosmos Probe only stores traffic metadata (sender, receiver, device type, file type, etc.), discarding irrelevant content, such as video. Forensic storage is reduced by up to 150x compared to full packet capture.
- Delivered as a software component, the Enea Qosmos Probe can be used in virtualized, physical and hybrid infrastructures.
- The Enea Qosmos Probe is based on Enea Qosmos ixEngine®, the most widely deployed DPI software in cybersecurity.
Using Cyber Sensors to Detect Advanced Threats – Case Study: Sunburst Attack via Solarwinds