LiveAction released ThreatEye NV, a network detection and response platform (NDR) that combines next-generation data collection, advanced behavior analysis and streaming machine learning to give SecOps teams visibility into encrypted traffic, threats and network anomalies.
Using Deep Packet Dynamics (DPD), which eliminates the need for payload inspection, the platform analyzes more than 150 packet traits and behaviors across multi-vendor, multi-domain and multi-cloud network environments. This accelerates real-time threat detection, eliminates encryption blindness, validates encryption compliance, and allows teams to better secure the entire network and coordinate responses with other security tools such as SIEM and SOAR.
“Having comprehensive visibility into encrypted traffic and being able to automate advanced analysis of that data in real-time is critical to protecting against today’s advanced threats. Traditional tools rely on deep packet inspection or rules-based monitoring, which impacts performance and is proven to no longer be sufficient,” said Thomas Pore, Director of Security Products at LiveAction. “ThreatEye NV uses new DPD technology that provides high-fidelity flow records that analyze more than 150 packet and flow features, all without payload inspection, which can negatively impact performance. When combined with advanced data collection and machine learning models, customers get the industry’s most powerful NDR solution.”
ThreatEye NV was designed to help organizations and their SecOps teams improve threat detection and prevent adversaries from executing successful disruptive and damaging attacks. Key updates to the platform include more than 150 new detection capabilities, such as advanced behavior anomaly detection, encrypted metadata threat detections, plaintext metadata threat detections, AI/ML-driven detections, AI/ML-driven encryption inventory, DNS/DoH detections, and Active Exploit Detections.
The platform also offers continuous packet capture with single-click pivot-to-PCAP through a new ThreatEye NV probe integration with LiveAction’s LiveWire, which extends packet-to-flow visibility of virtual infrastructure. The combination of threat detection and encrypted traffic analysis with packet capture delivers unmatched visibility for SecOps teams looking to improve their security strategy and response capabilities.
Key benefits and features of ThreatEye NV:
- Real-time threat and anomaly detection – ThreatEye NV’s Deep Packet Dynamics (DPD) is agnostic to packet contents and uses a rich metadata set of more than 150 packet dynamic features to build a historical inventory of traits and behaviors for profiling and fingerprinting, a technique that works equally well with encrypted and unencrypted traffic. Machine learning models are applied to identify advanced behavioral threat actor anomalies, and the platform is designed to process millions of events per second in real time.
- Eliminate encryption blindness and validate compliance – Increased adoption of encrypted network protocols is eroding network visibility for security teams, and legacy tools are losing visibility as a result. Applying ML to DPD enables encrypted traffic analysis without decryption or performance degradation. The platform also provides encryption-policy-specific alerting and reporting for security compliance.
- Simple deployment to secure the entire network – ThreatEye NV is a SaaS offering with software sensors deployed as containerized software applications. This containerized approach allows the solution to be deployed either on-premises, in a private or public cloud, or a mixture of both. From core to edge to cloud, ThreatEye NV includes lightweight, easy-to-deploy software sensors available for deployment anywhere and everywhere visibility is needed.
- SOC enabled – With a multi-stage analysis pipeline that correlates and enriches traffic with finding details, risk scores, and MITRE ATT&CK labeling, time to investigate and respond is dramatically decreased. Teams can respond in real time and accelerate triage with integrated packet analysis. ThreatEye NV’s SaaS offering includes SOC-enabled dashboards to further improve response efficiency.
- Coordinate a cohesive security response – ThreatEye NV interconnects seamlessly with existing security tools such as SIEMs, SOAR, and threat intelligence platforms. Workflow automation with products like Cisco SecureX allows teams to take immediate action on security events to quarantine hosts or block threats. SIEM integration can correlate EDR events with malicious activity on previously unseen encrypted channels.
- Streaming machine learning analysis – Powered by a streaming machine learning engine, the platform ingests high-fidelity metadata generated by its software probes. The ML engine is purpose-built for network security; unlike traditional batch processing, streaming ML is driven by analyzers – or models – engineered to analyze network traffic without multiple passes over the data stream. These models are custom-built for specific security and visibility use cases and scale via parallel processing.