AI-Driven Packet Recording

Deploying bulk packet capture on bare metal within an enterprise has become more costly and impractical year after year as a company’s network increases in bandwidth, footprint, and complexity. Utilizing an AI-informed approach, however, fundamentally changes the way analysts view network forensics.

ThreatEye Intelligent Packet Capture Brain

Unlike traditional bulk packet capture, ThreatEye ‘learns’ to classify and predict how much data per flow to record and where to store it. On a per-flow basis, this could range from simple metadata to full packet capture, stored on local or cloud storage. Ultimately, this improvement enables security analysts to access data faster, with better insights and lower storage requirements.


Today’s approach to bulk packet capture places an overwhelming burden on security analysts to sift through exhaustive amounts of data, often leading to slow and inconclusive findings. Due to substantial storage capacity requirements, this approach becomes virtually unaffordable at scale. As a result, many organizations have chosen not to pursue in-depth packet capture strategies due to the outsized cost of storage and the poor signal-to-noise ratio of capturing all network traffic. As network traffic increases in the future, companies will have to choose between increasing storage commitments or retaining fewer days of storage.

Lower Storage Costs, Higher Fidelity

Employing machine learning to inform packet capture dramatically reduces an organization’s storage costs, while giving it access to the ground truth network data that is most likely to be relevant to future queries. By reducing your PCAP data footprint by up to 80% while still retaining 100% of your augmented flow, ThreatEye provides the critical forensic ground truth data you need while helping you manage your infrastructure budget.