The biggest advantage that cyber criminals hold over security teams is that they are not constrained by the defenders’ biggest obstacle: time. The time it takes to detect an anomaly. The time it takes to respond to an incident. The time it takes to turn what security teams learn from their investigations into a stronger security posture. And the reason time is not on the defenders’ side is the massive volume of data they must work through every day, which gets in the way of a timely response.
While many solutions can comb through terabytes of data, security teams still spend countless hours and resources analyzing this “bulk.” Existing security solutions have not solved the problem of offloading that cumbersome work so that network security analysts, threat hunters and SOC professionals can focus on the data that matters most to them. This is exactly what CounterFlow has set out to deliver with ThreatEye, the first true intelligent packet capture: an intelligent foundation defenders can rely on to make better use of their time.
Imagine a team of detectives working a crime scene who need to go through two million suspects. The time, resources and manual effort such an investigation requires are exhausting. Now imagine a security team needing to sift through and inspect one terabyte of traffic for malicious activity on a network (at roughly half a megabyte per image, 1 TB is about two million photos of suspects). Same problem. The data problem is a pain point at the core of security professionals’ daily work, and to truly help them, technologies need to target the root of the challenge.
Our intelligent packet capture technology takes the manual work out of bulk packet capture. We layer in proprietary machine learning capabilities that continually evolve so that only forensically relevant data, the data pertinent to efficient and speedy deep packet inspection and network traffic analysis, is recorded. By filtering out normal traffic and recording only anomalous activity and traffic matching indicators of compromise, the system reduces the data footprint, conducts more pointed packet capture, and operates in real time at speeds over 100 Gbps. The result is deeper analysis and quicker identification of indicators of compromise, which leads to reduced dwell time. Any selective capture carries a trade-off a practitioner should weigh: traffic classified as normal at capture time is never written to disk, so a missed detection cannot be revisited later from the packet record, and the retention decision must be made early enough in a flow that its opening packets are kept. We are arming security teams with the best tools to scale their security operations and improve their performance.
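To make the selective-capture idea concrete, here is an added illustration written for this page; it is not ThreatEye’s code and says nothing about CounterFlow’s proprietary models. It learns a per-service packet-length baseline from a warm-up window assumed benign, holds the first few packets of every new flow until a verdict exists, and retains a flow only when it matches a known-bad destination, targets a service never seen in the baseline, or is a packet-size outlier against that service. The indicator list, addresses, ports, thresholds and packet records are all constructed for the example.

```python
"""Flow-level selective packet retention (added example, not ThreatEye's code).

Learns a per-service baseline from warm-up traffic, buffers the head of each
new flow, and keeps only flows that match an indicator, an unseen service, or
a size outlier. Addresses, ports and thresholds are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import Optional

IOC_DST_IPS = {"203.0.113.9"}   # constructed indicator list (hypothetical)
HEAD_PACKETS = 3                # packets held per flow before a verdict is due
SIZE_SIGMAS = 3.0               # outlier threshold on mean packet length


def mk(ts, src, dst, sport, dport, proto, length):
    """Constructed packet record standing in for a parsed frame."""
    return {"ts": ts, "src": src, "dst": dst, "sport": sport,
            "dport": dport, "proto": proto, "len": length}


def flow_key(pkt):
    return (pkt["src"], pkt["dst"], pkt["sport"], pkt["dport"], pkt["proto"])


class Baseline:
    """Per-service (dst, dport, proto) packet-length profile from warm-up traffic."""

    def __init__(self, warmup):
        by_service = defaultdict(list)
        for p in warmup:
            by_service[(p["dst"], p["dport"], p["proto"])].append(p["len"])
        self.services = {svc: (mean(ls), pstdev(ls)) for svc, ls in by_service.items()}


@dataclass
class Flow:
    head: list = field(default_factory=list)   # packets held until a verdict exists
    verdict: Optional[str] = None              # None = undecided, "drop", or reason kept


class SelectiveCapture:
    def __init__(self, baseline):
        self.base = baseline
        self.flows = defaultdict(Flow)
        self.retained = []   # packets that would be written to disk
        self.reasons = {}    # flow key -> why it was kept

    def classify(self, key, head):
        _src, dst, _sport, dport, proto = key
        if dst in IOC_DST_IPS:
            return "ioc-destination"
        svc = self.base.services.get((dst, dport, proto))
        if svc is None:
            return "unseen-service"
        base_mean, base_std = svc
        if mean([p["len"] for p in head]) > base_mean + SIZE_SIGMAS * base_std:
            return "packet-size-outlier"
        return "drop"

    def _decide(self, key, flow):
        flow.verdict = self.classify(key, flow.head)
        if flow.verdict != "drop":
            self.reasons[key] = flow.verdict
            self.retained.extend(flow.head)   # flush the buffered head, not just later packets
        flow.head.clear()

    def ingest(self, pkt):
        key = flow_key(pkt)
        flow = self.flows[key]
        if flow.verdict is None:
            flow.head.append(pkt)
            if len(flow.head) >= HEAD_PACKETS:
                self._decide(key, flow)
        elif flow.verdict != "drop":
            self.retained.append(pkt)

    def flush(self):
        """End of capture: decide short flows that never reached HEAD_PACKETS."""
        for key, flow in self.flows.items():
            if flow.verdict is None:
                self._decide(key, flow)
        return self.retained


def run_example():
    """Constructed warm-up and live traffic; returns the finished capture."""
    warmup = [mk(i, "10.0.0.5", "192.0.2.10", 50000 + i, 443, "tcp", s)
              for i, s in enumerate([580, 620, 600, 590, 610, 600])]
    warmup += [mk(10 + i, "10.0.0.5", "192.0.2.53", 51000 + i, 53, "udp", s)
               for i, s in enumerate([80, 90, 85, 85])]
    cap = SelectiveCapture(Baseline(warmup))
    live = []
    for i, n in enumerate([600, 610, 595, 605]):
        live.append(mk(20 + i, "10.0.0.7", "192.0.2.10", 40001, 443, "tcp", n))     # ordinary HTTPS
        live.append(mk(20 + i, "10.0.0.7", "203.0.113.9", 40002, 443, "tcp", 600))  # known-bad destination
        live.append(mk(20 + i, "10.0.0.7", "192.0.2.53", 40004, 53, "udp", 1400))   # oversized "DNS"
    live += [mk(30, "10.0.0.7", "192.0.2.10", 40003, 4444, "tcp", 60),
             mk(31, "10.0.0.7", "192.0.2.10", 40003, 4444, "tcp", 60)]              # short flow, unseen port
    for p in sorted(live, key=lambda p: p["ts"]):
        cap.ingest(p)
    cap.flush()
    return cap


if __name__ == "__main__":
    cap = run_example()
    for key, why in cap.reasons.items():
        print(f"kept {key}: {why}")
    print(f"retained {len(cap.retained)} of 14 packets")
```

The detail worth noticing is `_decide`: the head packets are written out together with the verdict, so the SYN and first payload of a flagged connection survive even though the decision was made three packets in. The ordinary HTTPS flow is dropped entirely, which is the intended footprint reduction and also the unrecoverable part if the classifier is wrong.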
Fighting the good fight today means placing threat hunters and SOC teams on the front lines of defense and arming them with smart tools to proactively hunt down suspicious activity. ThreatEye helps these teams do just that by clearing away crowded and noisy traffic flows so defenders can do the deep investigation that informs and strengthens their security response and posture. We are helping them fight forward.