Embedded DPI for SIEM and Security Analytics
“Enrich security solution with Qosmos protocol and metadata information for faster discovery and containment of advanced threats”
Security Information and Event Management (SIEM) solutions and other security analytics products rely on network visibility to build a timeline of actors and actions, which is then used to model and analyze behavior. A blend of Netflow and IDS events is typically used to accomplish this, but the results are not always satisfactory: Netflow lacks L7 protocol depth, and IDS logs and events tend to focus on alerts rather than actions.
Strengthening the solution with Qosmos
Qosmos DPI software provides:
- A well-defined grammar to describe network activity: L3 through L7 protocol identification and attribute classification throughout network sessions to identify, track and categorize all network activity to the most minute detail. This improves the accuracy of machine-learning detection and alerting with a better dataset.
- Detailed, real-time understanding of traffic: Qosmos ixEngine performs protocol classification and metadata extraction at up to 100 Gb/s, thanks to efficient code written in C, which limits the impact on CPU and memory resources.
As an example, Qosmos software embedded in sensors extracts session activities and metadata in real time, with millisecond latency, for analysis and export to data stores and file indexes.
Security analytics products can now offer detailed visibility into all network communication without the cost of full packet capture. Solutions leveraging Qosmos benefit from the accuracy and detailed metadata attributes needed to perform advanced threat detection. SIEM searching and alerting become more fine-grained, with fewer false positives and more accurate alerts.
With Qosmos inside, developers can bring network actors and actions into sharp focus in ways previously not possible.