DPI Probe Software for Network Security
Qosmos DeepFlow® is a software platform which leverages L4-L7 Deep Packet Inspection to collect in real time the information embedded in or generated by traffic flows, and deliver this actionable data to third-party systems.
Qosmos DeepFlow is used by developers and systems integrators to build passive probes for network security and forensics.
Visibility over Traffic
- Protocol and application identification based on Qosmos Deep Packet Inspection Engine (ixEngine)
- Real-time extraction and delivery of thousands of traffic metadata (Click here to learn more about protocol and application support)
- Forwarding of application metadata, content and packets to third party applications
- Real time IP flow analysis 2/4/10 Gbps per appliance
With an ever increasing volume and complexity of incoming events, effective protection requires security teams to quickly identify and react to events. Until now, these teams had a choice between searching through system logs, NetFlow, or full packet captures. DeepFlow DPI software combines the essence of all three methods into a forensically accurate flow, normalized so it can be consumed by SIEM/NBAD/Network Analytics tools provided by security vendors and integrators.
- Benefits for SIEM vendors: Quickly integrate DeepFlow visibility into your SIEM and offer better event correlation rules based on application behavior from the network. Add weight to alerting decisions when correlating between firewall and IDS events by knowing how common a flow is compared to its peers over time.
- Benefits for MSSPs: Provide a differentiating service to your customers, understand the behavior of customer networks, and respond quicker. Understand what is normal at your customer site by quickly building an index of normal behavior across time for each of your client sites.
- Benefits for DDOS vendors: Detect nuances of application-level denial of service attacks by quickly distinguishing characteristics of malicious traffic from good traffic. Then use that information to build traffic-blocking rules more quickly.
Qosmos DeepFlow for cyber security effectively bridge the gap between NetFlow and full-packet capture, as described below: