Enea announced the availability of the Qosmos Probe 2.0 configured as a Deep Packet Inspection (DPI) sensor, designed to strengthen cyber threat hunting capabilities at Security Operations Centers (SOCs).
SOCs need accurate traffic intelligence to identify threats that evade cyber incident detection and protection solutions.
Configured as a DPI sensor, the Qosmos Probe provides detailed, real-time traffic information about applications and protocols.
The extracted data is formatted in a normalized stream for consumption by security analytics, Security Information and Event Management (SIEM), or other incident response tools.
The Qosmos Probe leverages the power of ixEngine, the most powerful DPI engine on the market, to deliver best-in-class traffic intelligence:
- Complete visibility up to the application level (OSI layer 7),
- Classification of 3000+ protocols,
- Extraction of 5000+ application metadata,
- Flexible management interfaces with support for NETCONF, REST, CLI,
- Export of information in multiple standard formats (CSV, IPFIX, JSON, etc.),
- Connectors for open source databases (Elasticsearch, InfluxDB, etc.),
- Cloud-native architecture suitable for virtualized environments (OpenStack, VMware) and cloud-based applications.
The benefits of the Enea Qosmos Probe for SOCs include:
- Improved threat hunting capabilities based on detailed real-time traffic information,
- Size of forensic data reduced by up to 150x compared to full packet capture (FPC),
- Fewer false positives when using information from the DPI sensor to improve rules for Intrusion Detection and Prevention Systems (IDPS).
“Cyber threats are becoming increasingly sophisticated and therefore Security Operations Centers need highly effective detection capabilities,” said Jean-Philippe Lion, Senior Vice President of the DPI Business Unit at Enea.
“The Qosmos probe is an essential source of information to identify and protect against the most advanced attacks.”