DeepFlow Deep Packet Inspection Probes for Network Security
With an ever-increasing volume and complexity of incoming events, effective protection requires security teams to identify and validate events quickly. Until now, these teams had to choose between searching through system logs, NetFlow, or full packet captures. DeepFlow DPI probes combine the essence of all 3 into a forensically accurate flow, normalized so that it is easily consumed by the SIEM/NBAD/Network Analytics tools provided by security vendors and integrators.
Qosmos DeepFlow® probes are simple: plug 2/4/10 Gb/s of network traffic into the probe, and watch it classify traffic into organized flows, describing the protocols and relevant metadata in real time.
- For SIEM vendors: Quickly integrate DeepFlow visibility into your SIEM and offer better event correlation rules based on application behavior from the network. Add weight to alerting decisions when correlating between firewall and IDS events by knowing how common a flow is compared to its peers over time.
- For MSSPs: Provide a differentiating service to your customers, understand the behavior of customer networks, and respond faster. Understand what is normal at your customer site by quickly building an index of normal behavior across time for each of your client sites.
- For DDoS vendors: Detect nuances of application-level denial-of-service attacks by quickly distinguishing characteristics of malicious traffic from good traffic. Then use that information to build rules faster to block that traffic.
Qosmos DeepFlow probes for cyber security effectively bridge the gap between NetFlow and full-packet capture, as described below: