

CounterFlow AI, the first security provider to deliver AIOps for network forensics, introduced its flagship solution ThreatEye, an open, scalable AIOps platform that brings together machine learning, full packet capture, and visualization to identify network faults, anomalies and threats at wire speed. The new platform eases the burden on SOC analysts who need high-fidelity analysis for investigations but are overwhelmed by the volume of unnecessary data flowing through the network.

ThreatEye seamlessly integrates on-premises and public cloud infrastructures so that analysts benefit from the greater agility, visibility and scalability of public cloud services while getting the performance and cost benefits of the private cloud. The network forensics platform employs its technology stack to offer two AIOps-driven solutions: Network Intelligence and Intelligent Packet Capture.

AIOps (artificial intelligence for IT operations) offers a new level of automation that SOCs need to become more effective in how they respond to and act on the data in their organizations' networks. It also provides a gateway to apply and innovate with machine learning and data science to transform the way organizations approach network forensics.

The ThreatEye Network Forensics platform incorporates machine learning and artificial intelligence to enable intelligent packet capture, which allows security teams to reduce extraneous data by up to 80% while retaining only forensically relevant packets. Legacy solutions and traditional approaches supporting bulk packet capture place an overwhelming burden on organizations and their security analysts to ingest, analyze and record all the network data, often leading to slow and inconclusive findings. Due to the substantial data storage requirements associated with this, the traditional approach renders the cost of packet capture virtually unaffordable at scale.

ThreatEye's Network Intelligence is an AIOps solution for network forensics that allows analysts to better identify anomalous network behavior and performance bottlenecks. As networks increase in speed and become more dynamic, it is also more challenging to determine a stable baseline from which to assess network performance. Traditional flow and connection logs are not sufficiently detailed to allow analysts to rapidly focus on the true bottlenecks and anomalies. ThreatEye's in-depth data platform offers deeper layers of data insights about low-level connections and intra-flow packet dynamics to support analysts in their forensic mission. These data points provide a richer environment for an AI system to be more responsive to changes in network activity and apply detailed flow information, learned statistics and machine learning models to identify the anomalies and performance bottlenecks in near real-time.

CounterFlow AI's ThreatEye Network Forensics platform integrates a collection of solutions that can be deployed as containerized applications in the cloud or on premises, and includes:

- ThreatEye Sensor: a real-time network flow sensor that combines a rich set of feature extractions with streaming machine learning analysis. ThreatEye Sensor extracts and analyzes over 100 network data fields that include flow monitoring, extended flow attributes, packet dynamics, computed statistics and management records. Built on Argus, a proven open-source project, ThreatEye Sensor includes enterprise-grade features and performance enhancements to support machine learning and encrypted traffic analysis at line rates, up to 40Gbps.

- ThreatEye Recorder: a high-performance network traffic recorder that guarantees line-rate, full packet capture with lossless write-to-disk performance. Designed as a multi-threaded application, the solution integrates advanced packet acquisition technologies like Linux eXpress Data Path (XDP) and Napatech SmartNIC to scale in either physical or virtual deployments, at speeds from 1 to 100Gbps.

- ThreatEye Visualizer: a powerful, interactive application built on Elasticsearch and Kibana and designed to store petabytes of enriched flow data to enable analysts to query and interactively explore forensically relevant data for insights, including threat hunting and incident response operations.

About CounterFlow AI

CounterFlow AI is a cybersecurity software company offering an AIOps platform for network forensics. The flagship product, ThreatEye, integrates advanced security technologies into a streaming machine learning pipeline to identify network faults, anomalies and threats at wire speed. ThreatEye is built for hybrid cloud deployments to easily extend customer network and security operations.

For more information, visit
COPYRIGHT 2019 Worldwide Videotex
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2019 Gale, Cengage Learning. All rights reserved.

Article Details
Publication: UNIX Update
Date: Nov 1, 2019
