Network traffic is increasing exponentially and imposing ever-increasing challenges on network monitoring and analysis tools. BYOD, Vx workloads, migration to SaaS and similar trends add complexity and unpredictable traffic patterns. All of these expose a significant attack surface for threat vectors to exploit. Bad actors move in and out of the network. It is simply naïve to imagine that networks cannot be compromised or have not already been compromised. APT and zero-day attacks are here to stay.
Cyber attacks have become very sophisticated and are ever changing. Providing context for an abnormal activity and connecting the dots is key. With COURANT NETWORKS correlation engines, it is easy to connect the dots between unusually large DNS requests, or requests to non-existent domains, and potential data exfil. Lateral movement of an APT can be correlated with low-frequency anomalous behavior: for example, infrequent failed ADS passwords from different machines at periodic times of the day are readily correlated.
Continuous Adaptive Risk and Trust Assessment (CARTA) based policy management must be enforced through the network. This will at the very least ensure that the SIEM teams are ready when the event happens, and perhaps can even steer the attacks away or reduce the exfil and lateral movement of these attacks as they happen. In order to achieve all this, detailed visibility into the traffic is important.
COURANT NETWORKS probes listen passively on the network via TAPs or via Packet Brokers. These probes perform DPI on the packet flows and generate the relevant context-sensitive and fully correlated JSON records. These records have full context information: the application ID, device identifiers, user identifier and other data as described in the sections below.
While it is important to get visibility into the services of the network, it helps if the device type and the OS of the device can also be identified. The COURANT NETWORKS device identification engine extracts and maps the Device Type in use as well as the OS being used by the device. This makes it possible to build a holistic picture of the connection and also helps with profile building.