Novetta Cyber Analytics

Know Your Network. Arm Your Analysts.

Novetta Cyber Analytics applies machine learning algorithms to detect anomalous traffic patterns and provides users with the ground-truth network traffic analytics needed for investigation, alert triage, incident response, and threat hunting. Novetta Cyber Analytics fills a critical gap in today's enterprise cyber security toolset.

We provide our customers with unmatched insight to proactively detect new threats and intelligence to revolutionize their investigations. Novetta Cyber Analytics empowers analysts with rapid access to enriched, contextualized, raw network security data and intelligence.

FEATURES

Network Traffic Decoder Framework

Provides a powerful framework of modular decoders for targeted post-processing of raw packet capture data. Decoders can extract files, decrypt payloads, translate encoded content, and automate malware analysis. Customers can add their own decoders, and Novetta designs new decoders to meet custom needs. The framework supports integration of multiple additional open-source decoding frameworks and can decode subsets of traffic without requiring all traffic to be processed.

Live Network Traffic Collection and Storage

Live network traffic is collected by sensors at 1G, 10G, and higher line rates. This traffic is sessionized (i.e. organized by conversation), processed, and stored for later retrieval during investigations.

Metadata Extraction

Essential metadata is extracted from the live network traffic and placed in a centralized analysis hub where it can be rapidly searched and queried. Automatic and manual searches return results in seconds, even across metadata representing petabytes of traffic. Our DPI can classify and extract fields from over 1,900 protocols and helps make uncommon protocols easier to find.

Fully Scalable

Every component of Novetta Cyber Analytics, from the live-capture sensors to the analysis pipeline, custom decoders, and the data warehouse, can scale to meet any size mission requirement. Novetta Cyber Analytics can capture and store data at any volume and be dynamically expanded for future growth without taking the system offline.

Contextual Data Enrichment

Automatically enriches collected network data with contextual information such as geolocation data, domain resolutions, network-specific asset tags, and more. Customer-specific knowledge or threat intelligence data can be joined to any field and used to filter, aggregate, or annotate network traffic.

Integration with Existing Tools

All core capabilities in Novetta Cyber Analytics are isolated into separate microservices and accessible through web-based REST APIs. This allows easy integration with existing tools and databases, as well as automation of Novetta Cyber Analytics capabilities.

Multi-Tenant Platform

Novetta Cyber Analytics provides full role-based access controls and private workspaces for each user. The system can host multiple permission-controlled sets of data for different customers or investigations. Each user has access to both shared and private analytics, dashboards, and enrichment tags. Users can share analytics, dashboards, and tags.

USE CASES

Novetta Cyber Analytics supports live-capture network-defense customers such as security operations centers protecting entire companies or agencies. Novetta Cyber Analytics also supports investigative, incident response, or law-enforcement customers analyzing pre-filtered traffic data from live capture or other internal tools.

Provides Visibility Where Others Can't

Many networks are instrumented to collect data for security purposes; however, most can't execute the in-depth analysis critical for security because they're unable to access the raw data, without gaps, in a timely manner. Novetta Cyber Analytics was architected for rapid retrieval of analytical query results from full, raw packet capture data at petabyte scale, in seconds, delivering the right data at the right time.

Dramatically Increases Analyst Productivity

Organizations are often notified by an outside source that they've been breached, then begin scrambling to identify the cause. This results in an overloaded security staff spending cycles inefficiently researching countless alerts and events, causing incidents to go unresolved longer. Meanwhile, unattended, less visible activities develop into threats. Novetta provides critical data instantaneously, improving analyst productivity and accelerating the discovery of network compromises for faster triage and remediation.

A Platform for Analytics and Threat Hunting

Common security methodologies that focus on events and alerts limit visibility to high-level information about known threats, missing critical details found in raw data. Novetta provides analytical interrogation of enriched, raw packet data to identify threatening behavior before events are triggered and the business is impacted.

RESOURCES