
Even today’s best, mostly automated cyber security solutions, including SIEMs and Security Analytics offerings, cannot guarantee immunity from targeted attacks and sophisticated malware.

Our Solution

Comprehensive Near Real-time Network Security Visibility and Awareness: Novetta Cyber Analytics is an advanced network-traffic analytics solution that empowers analysts with comprehensive, near real-time cyber security visibility and awareness, filling a critical gap in today’s enterprise cyber security toolset. With queries that take only seconds, even at petabyte network traffic scale, the solution enables analysts to receive comprehensive answers to complex questions “at the speed of thought,” then instantly access the ground truth network traffic needed for alert triage, incident response and hunting. The solution dramatically increases the efficiency and effectiveness of IT security staff and threat response teams by providing them with the right information when they need it.

 

The Benefits

  • Answer petabyte-scale PCAP queries in seconds.
  • Reach the right PCAP immediately.
  • Dramatically accelerate alert triage & incident response.
  • Empower your analysts.
  • Maximize your current security infrastructure investment.
  • Be confident when saying, “Yes, we’re secure.”

Our Differentiators

    • Understands the truth of what is happening on your network. SIEMs attempt to detect attacks based on events and logs produced by hosts. However, advanced attackers change events and logs to cover their tracks. So, while SIEMs are useful, they collect, correlate and alert on inherently untrustworthy information. The only way to truly understand what is happening on your network is to enable complete visibility of the ground truth: network traffic.

 

    • Develops a complete, near real-time understanding of suspicious behavior. Other PCAP-based network security solutions, including netflow-based offerings and security analytics / forensics tools, do not provide the right data, enough data, or timely data for useful work in a constant attack environment. Netflow was designed to monitor network traffic flow, not suspicious security behavior, while security analytics / forensics tools provide too much information, leading to queries that take minutes-to-hours-to-never to complete. Novetta Cyber Analytics utilizes intelligently selected, security-specific, contextually enriched metadata with near instant drill down to stored PCAP, empowering analysts with exactly the right information when they need it.

 

    • Detects advanced attacks that have breached perimeter defenses. With enough time and resources, an advanced attacker will find a way in – and out – of any perimeter defense relying on machine automation. However, by definition, a hacker must cross a network to do anything. Novetta Cyber Analytics queries network traffic to detect attackers as they move laterally across a network and can even detect bad actors using low and slow port scanning techniques for reconnaissance before they breach.

 

    • Develops a battleground understanding of your entire security situation. No other tool provides entire security teams with so much information, when and as they need it. And with built-in tagging, analysts can even share their thoughts and suspicions with other team members within the tool, enabling collaboration between all Tier 1, 2 & 3 analysts as well as different shifts. This overall knowledge gain has enabled teams using it to go from reactive to completely proactive, picking and choosing which actors and events to respond to, on their own time.

 

    • Augments current security solutions. Utilizing open APIs, Novetta Cyber Analytics flows directly into current workflows of teams utilizing SIEMs, IDSs, etc. Also, these tools slow attackers down, and force them to provide clues to Novetta Cyber Analytics to enable breach detection.

 

    • Proven speed, scale and effectiveness on the largest, most attacked networks on earth. Novetta Cyber Analytics was developed for the US Department of Defense to solve exactly the same problem that enterprises are encountering today: an inability to stop advanced persistent attacks, even after purchasing all the “right” tools. It is now the cornerstone tool used at the heart of our nation’s cyber security defense. Handling hundreds of gigabits per second of network data, its speed, scale and effectiveness are unprecedented.