Solera Networks unveiled the DeepSee BlackBox Recorder, which continuously and silently captures all network traffic – including packets, flows, files and applications.
In the event of a security breach, incident responders can leverage it to swiftly pinpoint the root cause and material impact, while applying precise and effective remediation.
The Solera DeepSee BlackBox Recorder gives incident responders and security service providers an effective way to integrate Solera DeepSee into existing security infrastructure, providing the always-on “eyes and ears” that investigators need to tap into at a moment’s notice.
The Recorder can be deployed as a DeepSee Virtual Appliance or as DeepSee Software. Unlike any other big data security intelligence and analytics offering, the DeepSee BlackBox Recorder can be deployed and installed at no initial cost, with a license purchase required only when incident responders “break the glass” to retrieve the captured security intelligence.
The BlackBox Recorder delivers effective incident response and combines big data security analytics, comprehensive threat intelligence and full security visibility to answer critical post-breach questions such as: Who compromised the system? What systems and data were affected? What is the root cause and material impact? Are we sure it’s over and won’t happen again?
The BlackBox Recorder applies big data security analytics, threat intelligence and full network visibility for:
Application discovery – classify more than 1,000 applications and thousands of metadata attributes, including content types and file names.
Real-time file extraction – automatically extract and analyze any file, including malicious file types.
Root Cause Explorer – create a timeline of suspect Web sessions, email and chat conversations—before, during and after a security breach.
Session reconstruction – obtain a full record of user session activity as it happened in real-time.
Reputation service – reveal the integrity of any IP address, file or email address.
Full layer 2-7 indexing – correlated analytics with direct drill-downs from layer 2 to 7.