CounterFlow AI, the first security provider to deliver AIOps for network forensics, introduced its flagship solution – ThreatEye, an open, scalable AIOps platform that brings together machine learning, full packet capture, and visualization to identify network faults, anomalies and threats at wire speed.
This new platform eases the burden of SOC analysts who are in need of high-fidelity analysis for investigations but are overwhelmed by unnecessary volumes of data flowing through the network.
ThreatEye integrates on-premises and public cloud infrastructures so that analysts get the agility, visibility and scalability of public cloud services together with the performance and cost benefits of the private cloud.
The network forensics platform employs its technology stack to offer two AIOps-driven solutions: Network Intelligence and Intelligent Packet Capture.
AIOps – artificial intelligence for IT operations – offers a new level of automation necessary for SOCs to increase their effectiveness with how they respond to and act on the data in their organizations’ networks. It also provides a gateway to apply and innovate with machine learning and data science to transform the way organizations approach network forensics.
The ThreatEye Network Forensics platform uses machine learning to drive intelligent packet capture: instead of recording every packet, it retains only forensically relevant ones, which the company says cuts stored packet data by up to 80%.
Legacy bulk packet capture forces organizations and their analysts to ingest, record and analyze all network data, which often leads to slow and inconclusive findings.
The storage that full capture requires also makes the traditional approach virtually unaffordable at scale.
“Based on an AIOps-powered platform, ThreatEye enables machine learning and artificial intelligence to go to work for security analysts and provide them instant access to the hard facts sooner,” said Randy Caldejon, chief executive and co-founder at CounterFlow AI.
“Our approach is increasing an enterprise’s network data signal-to-noise ratio but decreasing the reliance on more data storage to do it, and that represents a major win for the state of network forensics.”
ThreatEye’s Network Intelligence is an AIOps solution for network forensics that allows analysts to better identify anomalous network behavior and performance bottlenecks. As networks increase in speed and become more dynamic, it is also more challenging to determine a stable baseline from which to assess network performance.
Traditional flow and connection logs are not detailed enough for analysts to rapidly isolate the true bottlenecks and anomalies. ThreatEye records per-connection detail and intra-flow packet dynamics (the sequence of packet sizes and inter-arrival times within a flow) that such logs omit, to support analysts in their forensic mission.
These data points give an AI system more to react to as network activity changes: it can apply detailed flow information, learned statistics and machine learning models to identify anomalies and performance bottlenecks in near real time.
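The following is an added example, not CounterFlow AI or ThreatEye code, of the two ideas above in one place: computing intra-flow packet dynamics (size and inter-arrival statistics) per flow as packets stream in, scoring each flow against a baseline, and using that score to decide which packets are worth writing to disk. The flow keys, packets, baseline, `HEAD_PACKETS` and `ANOMALY_Z` thresholds are all constructed for illustration and are not the product's logic.

```python
"""Added example, not CounterFlow AI code: streaming per-flow feature
extraction (packet dynamics and computed statistics) feeding a simple
retention policy that keeps only forensically relevant packets.
Packets, flow keys, baseline and thresholds are all constructed here."""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Policy knobs (hypothetical): keep the first HEAD_PACKETS of every flow
# (handshake, headers, SNI and certificates live here); keep later packets
# only while the flow's anomaly score is at or above ANOMALY_Z.
HEAD_PACKETS = 3
ANOMALY_Z = 3.0

# Constructed baseline of "normal" flow behaviour: feature -> (mean, stdev).
# In practice this would be learned from historical flow records.
BASELINE = {
    "size_mean": (600.0, 200.0),  # mean packet size in bytes
    "iat_mean": (0.050, 0.020),   # mean inter-arrival time in seconds
    "iat_std": (0.020, 0.010),    # inter-arrival jitter; ~0 means machine-regular timing
}


@dataclass
class FlowState:
    """Running intra-flow packet dynamics for one flow key."""
    sizes: list = field(default_factory=list)
    times: list = field(default_factory=list)

    def add(self, ts: float, size: int) -> None:
        self.sizes.append(size)
        self.times.append(ts)

    def features(self) -> dict:
        """Computed statistics over the packets seen so far."""
        iats = [b - a for a, b in zip(self.times, self.times[1:])]
        return {
            "size_mean": mean(self.sizes),
            "iat_mean": mean(iats) if iats else 0.0,
            "iat_std": pstdev(iats) if len(iats) > 1 else 0.0,
        }


def anomaly_score(feats: dict, baseline: dict) -> float:
    """Largest absolute z-score of the flow's features against the baseline."""
    return max(abs(feats[k] - mu) / sd for k, (mu, sd) in baseline.items())


def intelligent_capture(packets, baseline):
    """Decide packet by packet which ones to write to disk.

    packets: iterable of (flow_key, timestamp_s, size_bytes) in time order.
    Returns (retained_packets, final_score_per_flow).
    """
    flows = defaultdict(FlowState)
    retained, scores = [], {}
    for key, ts, size in packets:
        st = flows[key]
        st.add(ts, size)
        scores[key] = anomaly_score(st.features(), baseline)
        if len(st.sizes) <= HEAD_PACKETS or scores[key] >= ANOMALY_Z:
            retained.append((key, ts, size))
    return retained, scores


def reduction_ratio(packets, retained) -> float:
    """Fraction of packets dropped from storage."""
    return 1.0 - len(retained) / len(packets)


# Constructed sample traffic (not a real capture). Flow keys are arbitrary strings.
FLOW_WEB = "10.0.0.5:51234>93.184.216.34:443/tcp"    # ordinary TLS session
FLOW_BEACON = "10.0.0.5:49876>203.0.113.9:8443/tcp"   # tiny packets every 60 s
FLOW_BULK = "10.0.0.7:60001>10.0.0.20:445/tcp"        # steady bulk transfer

_web = [(FLOW_WEB, t, s) for t, s in
        zip([0.00, 0.04, 0.09, 0.13, 0.19, 0.24], [74, 74, 66, 517, 1460, 1460])]
_beacon = [(FLOW_BEACON, 0.5 + 60.0 * i, 92) for i in range(5)]
_bulk = [(FLOW_BULK, 1.0 + 0.05 * i, 600) for i in range(30)]
SAMPLE_PACKETS = sorted(_web + _beacon + _bulk, key=lambda p: p[1])

if __name__ == "__main__":
    kept, final_scores = intelligent_capture(SAMPLE_PACKETS, BASELINE)
    for key, z in final_scores.items():
        kept_n = sum(1 for p in kept if p[0] == key)
        print(f"{key:45s} score={z:8.2f} kept={kept_n}")
    print(f"dropped {reduction_ratio(SAMPLE_PACKETS, kept):.0%} of packets")
```

On the constructed sample the web session and the bulk transfer stay near the baseline, so only their first three packets are kept, while the 60-second beacon's inter-arrival time is far outside the baseline and every one of its packets is retained; 30 of the 41 packets are dropped. The design point is that the retention decision is made from flow-level statistics a sensor already computes, so the recorder never needs to store bulk payload to keep the packets that matter for an investigation.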
CounterFlow AI’s ThreatEye Network Forensics platform comprises the following components, each deployable as a containerized application in the cloud or on premises:
- ThreatEye Sensor: a real-time network flow sensor that combines a rich set of feature extractions with streaming machine learning analysis. ThreatEye Sensor extracts and analyzes over 100 network data fields that include flow monitoring, extended flow attributes, packet dynamics, computed statistics and management records. Built on Argus, a proven open-source project, ThreatEye Sensor includes enterprise-grade features and performance enhancements to support machine learning and encrypted traffic analysis at line rate, up to 40 Gbps.
- ThreatEye Recorder: a high-performance network traffic recorder that guarantees line-rate, full packet capture with lossless write-to-disk performance. Designed as a multi-threaded application, the solution integrates advanced packet acquisition technologies like Linux eXpress Data Path (XDP) and Napatech SmartNIC to scale in either physical or virtual deployments, at speeds from 1 to 100 Gbps.
- ThreatEye Visualizer: a powerful, interactive application built on Elasticsearch and Kibana and designed to store petabytes of enriched flow data to enable analysts to query and interactively explore forensically relevant data for insights, including threat hunting and incident response operations.