NextComputing, creators of the Packet Continuum cybersecurity software architecture with lossless packet capture, announce additional threat intelligence features. The new additions are also included on the CyberPro deployable security appliance.
“Threat intelligence platforms continue to gain popularity across a broad user base and for good reason. Threat intelligence, information gathered from several disparate sources, accessible by human analysts, is used to identify a specific threat to a specific target. Recent headlines suggest that organizations today are not well equipped to perform highly intricate and complex analysis and, as a result, attackers are winning.”
– INSIGHTS FROM BETWEEN THE LINES, by Steven Bullitt, Contributor, CSO (January 2018)
Real visibility into the network is a key component to protect against today’s complex, targeted attacks.
NextComputing’s Cybersecurity Division is focused on providing detailed visibility into the network with Packet Continuum, providing fast query retrieval, IDS alerting and a real-time Log Investigator with an intuitive UI.
To enhance its capabilities, Packet Continuum now includes twofold security against malicious IP addresses with its new Asset IP and Threat IP monitoring features.
The Asset IP Monitoring feature enables the identification, monitoring, viewing, and automatic approval of “Critical IP” addresses (essential infrastructure) as well as “Trusted Asset IPs” (host IP addresses defined as safe).
The Threat IP Monitoring feature enables the same functionality with regard to “Threat IP” addresses and user-defined IPs, as well as mitigation of those threats once spotted. Packet Continuum comes pre-loaded with a known list of Threat IPs (several malicious IPs previously identified by trusted sources such as US-CERT) for your protection. Easily add any additional IPs for alerting as they become identified as threatening or suspicious.
Information on both assets and threats can be viewed as a list or an easy-to-read Sankey Graph. New REST functions enhance the software’s viewing capabilities. Sessions, packets, alert data and DPI data can be viewed without external tools or having to download to the local system. Besides viewing, the user also has the capability to create more concentrated and focused searches from the view data available.
CyberPro is a deployable security appliance that incorporates the Packet Continuum architecture. Adding to the critical elements necessary for a comprehensive incident response plan, field technicians, IT/InfoSec specialists, and network engineers gain visibility into Trusted and Threat IPs while on-site with the new asset and threat monitoring features.
Key asset / threat features include:
- Ability to set alerts based on identified asset (trusted) IP addresses and threat IP addresses
- Monitor / view sessions containing specified asset IP or threat IP as source or destination
- One click into detailed PCAP session information where asset or threat is identified
- Severe alerts can be set to trigger when a threat IP is identified as present in a session
- Active Defense actions can be set to automatically execute when a packet’s source/destination IP is included in the Threat IP list
- Ability to upload/view/delete user-defined Suricata rules for each Active Defense action
- Alert info sent to external server when an Active Defense action is unavailable
Gain better real-time visibility and forensics insight into your own critical network data resources with Packet Continuum from small to large scale configurations at a very cost-effective price.
For more information on NextComputing Cybersecurity products, contact email@example.com