Embedded DPI and Traffic Intelligence for Cybersecurity Solutions

DPI & Traffic Intelligence for Cyber Defense in Critical Networks

Extreme Throughput and High-Resolution Traffic Intelligence

Bolster cyber defense for critical networks with DPI-based high-resolution traffic intelligence

Extreme Throughput and High-Resolution Traffic Intelligence

As cyber attacks against critical public and private infrastructures become increasingly sophisticated, effective threat analytics require accurate and detailed input from different sources. One key source of information is the network traffic itself. The more detailed the traffic visibility available to analytics solutions, the more accurate the detection and investigation capabilities will be.

Enea Qosmos Advanced DPI Sensor

Cyber Defense for Critical Networks with DPI-Based Traffic Intelligence

A sensor (or software probe) using Deep Packet Inspection (DPI) provides the most granular detail available, delivering a complete picture of activity in any size network. By passively capturing packets, detecting applications, parsing protocols, and extracting traffic metadata, it can significantly improve detection of attacks and raise the performance of proactive threat hunting.

The Enea Qosmos Probe is an advanced DPI sensor that embeds the market-leading DPI engine, Enea Qosmos ixEngine®. This engine offers the broadest protocol coverage in the market, recognizing more than 4500 protocols and applications, including IoT and M2M/SCADA protocols, with support for custom protocols.

The Enea Qosmos Probe leverages years of experience in cyber defense environments and is a key component of the security technology stack for government-run Security Operations Centers (SOCs). For these sensitive environments, combining DPI information with a proprietary, confidential solution creates an additional layer of security, complementing turnkey commercial products such as IDS, which have technical capabilities that can be known by attackers.

Enea Qosmos Probe

DPI Sensor Applications

1. A rich information feed to strengthen threat analytics
  • Information extracted from traffic flows boosts machine learning for threat analytics platforms. This translates into more accurate alerts, shorter time-to-detection, and fewer false positives.
2. An expert tool for network forensics and threat hunting
  • A DPI sensor streamlines investigations and improves time-to-detection for network forensics and threat hunting by capturing and storing detailed traffic information in a database where it can be rapidly and easily accessed for query and visualization.
  • In addition, the sensor provides high information resolution using a fraction of the storage required for full packet capture because it only requires traffic metadata (sender, receiver, device type, file type, etc.), discarding irrelevant content, such as video.

Industry Recognition

Enea's next-gen DPI engine, Qosmos ixEngine, wins Cyber Defense Magazine 2023 Global Infosec Award     Enea's next-gen DPI engine, Qosmos ixEngine, wins Gold in the 2023 CYBERSECURITY EXCELLENCE AWARDS     Enea's next-generation DPI engine, Qosmos ixEngine, is a winner of the 2022 Cloud Computing Product of the Year Award

Enea Qosmos Technology Reveals Hidden Threats

Encryption
Virtual Private Networks (VPNs)
  • Accurately identify the use of dozens of VPN applications, including those most commonly deployed for malicious activities. VPN protocols detected with blocking use cases.
Anonymizers
  • Detect anonymous proxy services that may be cloaking harmful activities, including those using multiple layers of encryption.
Complex Tunneling
  • Gain visibility into traffic using complex tunneling, with full protocol paths revealed for up to 16 levels of encapsulation.
Covert Communication Channels
  • Detect non-standard tunneling activities over legitimate protocols such as DNS or ICMP, which may indicate unauthorized or illegal activities.
Domain Fronting
  • Reveal the use of routing schemes in Content Delivery Networks (CDNs) and other services that mask the intended destination of HTTPS traffic (direct or tunneled).
Traffic Spoofing
  • Identify apps (e.g., eProxy, HTTP Injector) that combine techniques (such as protocol header customization, proxies, tunneling & domain fronting) to evade detection.
File Spoofing
  • Detect inconsistencies such as a false MIME type or a mismatch between the original hash and computed hash.
P2P Misuse
  • Classify obfuscated P2P traffic to support forensics and behavioral modeling of network traffic.
Device Identification
  • Identify OS and Device in the company’s network to set specific rules in a BYOD world.
DPI-based Traffic Intelligence for Cyber Defense & Critical Networks

VIDEO

Using Cyber Sensors to Detect Advanced Threats – Case Study: Sunburst Attack via Solarwinds

DATASHEET

Enea Qosmos Probe as a DPI Sensor for Cyber Defense

DATASHEET

Enea Qosmos ixEngine: Next-Generation DPI Engine for Maximum Traffic Visibility

Qosmos ixEngine: Next-Generation DPI for Maximum Traffic Visibility