SS8 Inc. has launched BreachDetect, a cyberthreat intelligence system adapted for enterprises. SS8, based in Milpitas, Calif., described the new product as a time machine, with high-definition records documenting and summarizing packet flows to spot compromised devices of interest or suspects on an organization's network.
BreachDetect is SS8's first security offering tailored for enterprise use. The vendor has specialized in working with the intelligence community, as well as large service and infrastructure providers -- offering counterterrorism, network security and legal compliance services.
BreachDetect relies on software sensors that generate the high-definition records (HDRs), according to Faizel Lakhani, president and COO at SS8. Each sensor can decode more than 1,000 protocols, and each can process up to 10 million HDRs per second on a multigigabit enterprise network. An associated analytics engine matches the HDR data with user, device and threat intelligence information.
Instead of offering just deep packet analysis, BreachDetect summarizes Layer 7, or application-level, transactions within the HDRs. Lakhani said alternative network monitoring technologies, such as NetFlow, are less useful, offering only Layer 3 summaries that include information such as IP addresses and the length of a session. In contrast, BreachDetect includes data about site types and file downloads, and it pulls information out of packets as it summarizes network behavior. BreachDetect is also capable of monitoring in SDN and network functions virtualization environments, even as many network professionals find themselves losing visibility as the network flattens.
"In security, every day you get smarter, you learn about new threat vectors [and] new threat intelligence, because it's happening. We take latent intelligence and wind the clock back," Lakhani said. "That's what we bring ... turn back the clock on your network to look at things that seemed completely normal at the time," he added.
According to Lakhani, another benefit of SS8's cyberthreat intelligence product is its ability to create a clear record of events on a network. JPMorgan's disastrous 2014 data breach took four months to diagnose, he said, in part because there was no network record in place. Verizon indicated that 240 days is the average time between exploitation and attack. Many deep packet analysis tools generate up to 7 PB of data every two weeks, muddying the record with an overwhelming quantity of data that makes attacks hard to spot. By contrast, Lakhani said BreachDetect makes it easier for customers to obtain the data they need through the analytics engine, which can rapidly comb through the HDRs. BreachDetect lets customers access up to two years of network transaction data.

The BreachDetect cyberthreat intelligence tool is available on a software-as-a-service basis, priced by the amount of data analyzed and the period of time managed. Customers are permitted as many network infrastructure points as needed.
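To make the Layer 3 versus Layer 7 distinction and the "wind the clock back" idea concrete, here is an added example that is not SS8 code: the record layouts, the sample transactions and the indicator values are constructed. It builds NetFlow-style flow records and HDR-style application records from the same transactions, then applies threat intelligence learned after the fact to each kind of retained record.

```python
"""Layer 3 flow summaries versus Layer 7 transaction records, plus a
retrospective hunt over retained records. Constructed example; the field
names are assumptions and do not describe SS8's actual HDR format."""

# Constructed application transactions, standing in for what a sensor decodes
# from packets. Two different web hosts share one server IP (shared hosting).
TRANSACTIONS = [
    {"ts": "2024-03-02T08:15:00", "src": "10.0.0.21", "dst": "203.0.113.10",
     "dport": 443, "secs": 2, "bytes": 48_000, "host": "news.example.org",
     "path": "/index.html", "ctype": "text/html"},
    {"ts": "2024-03-02T08:16:30", "src": "10.0.0.33", "dst": "203.0.113.10",
     "dport": 443, "secs": 9, "bytes": 1_200_000, "host": "cdn-update.example.net",
     "path": "/setup.exe", "ctype": "application/x-msdownload"},
    {"ts": "2024-03-03T12:00:00", "src": "10.0.0.21", "dst": "198.51.100.7",
     "dport": 443, "secs": 1, "bytes": 9_000, "host": "mail.example.org",
     "path": "/inbox", "ctype": "text/html"},
]

L3_FIELDS = ("ts", "src", "dst", "dport", "secs", "bytes")

def flow_record(tx):
    """NetFlow-style summary: endpoints, duration and volume only."""
    return {k: tx[k] for k in L3_FIELDS}

def hdr_record(tx):
    """Application-level summary: the flow fields plus what was requested and
    what kind of content came back, without retaining the payload itself."""
    rec = flow_record(tx)
    rec.update(host=tx["host"], path=tx["path"], ctype=tx["ctype"],
               download=tx["ctype"].startswith("application/"))
    return rec

def retro_hunt(records, bad_hosts=(), bad_ips=()):
    """Apply indicators learned after the fact to retained records. Returns the
    internal clients that matched, with the timestamp of each contact."""
    hits = []
    for r in records:
        if r.get("host") in bad_hosts or r["dst"] in bad_ips:
            hits.append((r["src"], r["ts"]))
    return hits

flows = [flow_record(t) for t in TRANSACTIONS]
hdrs = [hdr_record(t) for t in TRANSACTIONS]

if __name__ == "__main__":
    # Intelligence arrives weeks later naming the download host. Flow records
    # only carry its IP, so the shared IP also drags in the benign news reader.
    print(retro_hunt(flows, bad_ips={"203.0.113.10"}))
    print(retro_hunt(hdrs, bad_hosts={"cdn-update.example.net"}))
```

The IP-based hunt over flow records returns both clients, while the host-based hunt over HDRs isolates the one that fetched the executable; the HDR also records that a download occurred, which the Layer 3 summary cannot show.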