Bricata delivers improved threat hunting with enhanced network metadata
Bricata’s latest update provides security teams with flexibility to control the breadth and depth of the network metadata they want to capture – and to customize the ways they want to view it. This expands how security analysts inspect, investigate and hunt for threats in network metadata, which accelerates incident resolution.
“This is another enhancement to Bricata’s advanced network threat hunting capabilities that makes it accessible to experts and novices alike,” said Bricata CEO John Trauth. “We’ve greatly expanded the scope of the rich network metadata to provide more granular detail without sacrificing the scalability, flexibility and ease-of-use our customers have come to expect in our solution.”
The improvements to data collection tunability and scalability are coupled with improvements to the user interface. For example, the new version of the solution comes with usability enhancements that let users define views of the metadata that suit their purposes. In other words, the Bricata views self-adjust in alignment with the metadata the team has configured for collection.
“It’s really tailoring the experience to let the analyst do threat hunting the way they want to,” added Trauth. “This is part of our overall goal to deliver a modern network security tool that both scales for the largest enterprises but flexes to meet the specific needs and requirements of users and their environments.”
One of the many things that sets Bricata apart from other cybersecurity tools is that it employs multiple threat detection technologies on its platform. This includes signature detection, anomaly detection, and artificial intelligence to screen for zero-day malware. The improved metadata supports user-defined anomaly detection scripts and will serve as a foundation for future Bricata threat detection methods.
Earlier capabilities released this year have included support for the cloud; a new dashboard for better alert triage; and smart packet capture (PCAP) with backtesting, which scans previously captured PCAPs against new global threat intelligence signatures to detect threats that slipped by at the time of capture before a threat signature was available.
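The backtesting idea described above, re-scanning an old capture against signatures that did not exist when it was recorded, can be illustrated with a small standalone script. The following is an added example and not Bricata's code: it builds a tiny libpcap-format capture in memory (constructed sample packets, a fake Ethernet header and made-up hostnames), parses the records, scans them with the signature set that was "deployed at capture time" and with a newer set, and reports only the hits the newer set adds. The signature names and patterns are assumptions for illustration.

```python
"""Added illustration of PCAP backtesting (not Bricata's code): re-scan a
previously captured PCAP against a newer signature set and report the hits
the older set could not have produced at capture time."""
import struct

# --- constructed sample capture -------------------------------------------
# A minimal pcap (libpcap format) built in memory: 24-byte global header plus
# 16-byte record headers. Link type 1 (Ethernet); a dummy 14-byte Ethernet
# header precedes each payload. All values below are constructed.
def _record(ts_sec: int, payload: bytes) -> bytes:
    eth = b"\x00" * 14  # dummy Ethernet header
    frame = eth + payload
    # ts_sec, ts_usec, incl_len, orig_len
    return struct.pack("<IIII", ts_sec, 0, len(frame), len(frame)) + frame

# magic, version major/minor, thiszone, sigfigs, snaplen, link type
PCAP_GLOBAL_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

SAMPLE_PCAP = PCAP_GLOBAL_HEADER + b"".join([
    _record(1700000000, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    _record(1700000001, b"POST /upload HTTP/1.1\r\nUser-Agent: EvilBot/1.0\r\n\r\n"),
    _record(1700000002, b"GET /beacon?id=42 HTTP/1.1\r\nHost: c2.example.test\r\n\r\n"),
])


def parse_pcap(data: bytes):
    """Yield (timestamp, payload) per record; reject unsupported or truncated input."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic (only little-endian microsecond pcap)")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record at offset %d" % off)
        off += incl_len
        yield ts_sec, frame[14:]  # strip the Ethernet header


# Signature sets as (name, byte pattern). OLD is what was deployed when the
# capture was taken; NEW adds intelligence that arrived later (constructed).
OLD_SIGNATURES = [("evilbot-ua", b"User-Agent: EvilBot")]
NEW_SIGNATURES = OLD_SIGNATURES + [("c2-beacon-host", b"Host: c2.example.test")]


def scan(data: bytes, signatures):
    """Return a list of (timestamp, signature_name) hits over the whole capture."""
    hits = []
    for ts, payload in parse_pcap(data):
        for name, pattern in signatures:
            if pattern in payload:
                hits.append((ts, name))
    return hits


def backtest(data: bytes, old_sigs, new_sigs):
    """Hits only the newer signature set produces: traffic that slipped by at capture time."""
    old_hits = set(scan(data, old_sigs))
    return [h for h in scan(data, new_sigs) if h not in old_hits]


if __name__ == "__main__":
    for ts, name in backtest(SAMPLE_PCAP, OLD_SIGNATURES, NEW_SIGNATURES):
        print(f"{ts}: not detectable at capture time, now matched by {name}")
```

The diff between the two scans is the backtesting result: the EvilBot request was already caught when the capture was taken, so only the beacon to the newly listed host surfaces as a missed detection. A production tool would decode real protocol layers and match far richer rules, but the structure (retain captures, re-scan when intelligence changes, report only the delta) is the same.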