Novetta Cyber Analytics
Novetta Cyber Analytics
SCHEDULE DEMO
Know Your Network.
Arm Your Analysts.
Novetta Cyber Analytics applies machine learning algorithms to detect anomalous traffic patterns, provides users with the ground truth network traffic analytics needed for investigation, alert triage, incident response, and threat hunting. Novetta Cyber Analytics fills a critical gap in today’s enterprise cyber security toolset.
We provide our customers with unmatched insight to proactively detect new threats and intelligence to revolutionize their investigations. Novetta Cyber Analytics empowers analysts with rapid access to enriched, contextualized, raw network security data and intelligence.
Improve Analyst Productivity
Are you still trying to analyze your network data with Wireshark? Novetta Cyber Analytics provides analysts with machine-learning, analytics, and expert queries to interrogate raw, contextual and enriched data at scale. Returns actionable security intelligence data in seconds.
Maximize Your Security Investment
Augment raw PCAP data for enrichment, consolidation, and in-depth analysis. Intelligent and flexible instrumentation runs on commodity hardware. Aggregates custom data sources and integrates seamlessly with third-party SIEMs.
Turn Your Analysts
into Threat Hunters
Leverages sophisticated analytical tools, including temporal analysis, to derive threat intelligence. Identify suspicious activity indicative of malicious behavior. Compile definitive evidence of suspicious activities that evade alerts and may represent silent attacks on your network.
Improve Analyst Productivity
Maximize Your Security Investment
Turn Your Analysts
into Threat Hunters
Are you still trying to analyze your network data with Wireshark? Novetta Cyber Analytics provides analysts with machine-learning, analytics, and expert queries to interrogate raw, contextual and enriched data at scale. Returns actionable security intelligence data in seconds.
Augment raw PCAP data for enrichment, consolidation, and in-depth analysis. Intelligent and flexible instrumentation runs on commodity hardware. Aggregates custom data sources and integrates seamlessly with third-party SIEMs.
Leverages sophisticated analytical tools, including temporal analysis, to derive threat intelligence. Identify suspicious activity indicative of malicious behavior. Compile definitive evidence of suspicious activities that evade alerts and may represent silent attacks on your network.
FEATURES
Network Traffic Decoder Framework
Provides a powerful framework of modular decoders for targeted post-processing of raw packet capture data. Decoders can extract files, decrypt payloads, translate encoded content and automate malware analysis. Customers can add their own decoders, and Novetta design new decoders to meet custom needs. Supports integration of multiple additional open-source decoding frameworks and can decode subsets of traffic without requiring all traffic to be processed.
Live Network Traffic Collection and Storage
Live network traffic is collected by sensors at 1G, 10G, and higher line rates. This traffic is sessionized (i.e. organized by conversation), processed, and stored for later retrieval during investigations.
Network Traffic Decoder Framework
Live Network Traffic Collection and Storage
Provides a powerful framework of modular decoders for targeted post-processing of raw packet capture data. Decoders can extract files, decrypt payloads, translate encoded content and automate malware analysis. Customers can add their own decoders, and Novetta design new decoders to meet custom needs. Supports integration of multiple additional open-source decoding frameworks and can decode subsets of traffic without requiring all traffic to be processed.
Live network traffic is collected by sensors at 1G, 10G, and higher line rates. This traffic is sessionized (i.e. organized by conversation), processed, and stored for later retrieval during investigations.
Metadata Extraction
Essential metadata is extracted from the live network traffic and placed in a centralized analysis hub where it can be rapidly searched and queried. Automatic and manual searches return results in seconds even across metadata representing petabytes of traffic. Our DPI has the capability to classify and extract fields from over 1,900 protocols and helps make uncommon protocol easier to find.
Fully Scalable
Every component of Novetta Cyber Analytics can scale to meet any size mission requirement. From the live-capture sensors, to the analysis pipeline, custom decoders and the data warehouse. Novetta Cyber Analytics can capture and store data at any volume and be dynamically expanded for future growth without taking the system offline.
Metadata Extraction
Fully Scalable
Essential metadata is extracted from the live network traffic and placed in a centralized analysis hub where it can be rapidly searched and queried. Automatic and manual searches return results in seconds even across metadata representing petabytes of traffic. Our DPI has the capability to classify and extract fields from over 1,900 protocols and helps make uncommon protocol easier to find.
Every component of Novetta Cyber Analytics can scale to meet any size mission requirement. From the live-capture sensors, to the analysis pipeline, custom decoders and the data warehouse. Novetta Cyber Analytics can capture and store data at any volume and be dynamically expanded for future growth without taking the system offline.
Contextual Data Enrichment
Automatically enriches collected network data with contextual information like geolocation data, domain resolutions, network-specific asset tags, and more. Customer specific knowledge or threat intelligence data can be joined to any field and used to filter, aggregate, or annotate network traffic.
Integration with Existing Tools
All core capabilities in Novetta Cyber Analytics are isolated into separate microservices and accessible through REST web-based APIs. This allows easy integration with existing tools and databases or automation of Novetta Cyber Analytics capabilities.
Contextual Data Enrichment
Integration with Existing Tools
Automatically enriches collected network data with contextual information like geolocation data, domain resolutions, network-specific asset tags, and more. Customer specific knowledge or threat intelligence data can be joined to any field and used to filter, aggregate, or annotate network traffic.
All core capabilities in Novetta Cyber Analytics are isolated into separate microservices and accessible through REST web-based APIs. This allows easy integration with existing tools and databases or automation of Novetta Cyber Analytics capabilities.
Multi-Tenant Platform
Novetta Cyber Analytics provides full role-based access controls and private workspaces for each user. The system can host multiple permission-controlled sets of data for different customers or investigations. Each user has access to both shared and private analytics, dashboards and enrichment tags. Users can share analytics, dashboards and tags.
Multi-Tenant Platform
Novetta Cyber Analytics provides full role-based access controls and private workspaces for each user. The system can host multiple permission-controlled sets of data for different customers or investigations. Each user has access to both shared and private analytics, dashboards and enrichment tags. Users can share analytics, dashboards and tags.
USE CASES
Novetta Cyber Analytics supports live-capture network-defense customers such as security operations centers protecting entire companies or agencies. Novetta Cyber Analytics also supports investigative, incident response or law-enforcement customers analysing pre-filtered traffic data from live capture or other internal tools.
Provides Visibility Where Others Can't
Many networks are instrumented to collect data for security purposes, however, most can’t execute the in-depth analysis critical for security because they’re unable to access the raw data, without gaps, in a timely manner. Novetta Cyber Analytics was architected for rapid retrieval of analytical query results from full, raw packet capture data at petabyte scale, in seconds; delivering the right data at the right time.
Dramatically Increases Analyst Productivity
Organizations are often notified they’ve been breached by an outside source, then begin scrambling to identify the cause. This results in an overloaded security staff, spending cycles inefficiently researching countless alerts and events, causing incidents to go unresolved longer. This means unattended, less visible activities manifest themselves into threats. Novetta provides critical data instantaneously, improving analyst productivity and accelerating the discovery of network compromises for faster triage and remediation.
A Platform for Analytics and Threat Hunting
Common security methodologies that focus on events and alerts limit visibility to high level information about known threats, missing critical details found in raw data. Novetta provides analytical interrogation of enriched, raw packet data to identify threatening behavior before events are triggered and the business is impacted.
RESOURCES
Get Started
