BOSTON,– CSPi (NASDAQ: CSPI), a provider of cybersecurity and packet capture products, managed IT and professional services and technology solutions today announces the ARIA SDS Packet Intelligence (PI) application at the RSA 2019 conference in San Francisco. The latest offering in the patented ARIA SDS portfolio solves the inability to monitor all network traffic, in some cases up to 80% unmonitored, leading to a sizable blind spot in network activity. Through the Packet Intelligence application security resources have complete network visibility, including east-west traffic, as well as automated capabilities for threat detection, disruption and network policy enforcement all without impacting network or application performance. Depending upon an organization’s security needs, the ARIA SDS solution is offered in several configurations from software only to hardened appliances.
For organizations that already have threat detection tools, including SIEMs, UEBA, IDS/IPS integrated into their security infrastructure the ARIA PI application dramatically improves the effectiveness and performance. These tools are only as good as the data that is directed to them for analysis, the greater the irrelevant data that is ingested, the greater the resulting false alerts. ARIA PI was designed to feed modern ML and AI detection enhanced tools with the flow metadata they can ingest to properly detect critical threats in minutes. ARIA PI can monitor the entire network East-West as well as North-South and send unsampled network metadata to these tools allowing them to efficiently detect network born threats in real-time.
Threat detection is only one step in the chain to remediation. Analysts often need to fully investigate and scope a threat. ARIA PI can send specific requested data – that which contains the actual threat conversations – radically reducing investigative response (IR) effort and time. Since many organizations have critical information stored on particular assets, PI can actively monitor these assets data conversations in their entirety at the packet level – looking for threats, all while allowing such conversations to run without performance impact.
Detecting threats quickly and performing rapid IR is only half the battle. Threats need to be stopped. ARIA PI performs this function as well: Pushbutton as directed by a SOC analyst- or fully automated via its APIs that work with most modern SIEMs and SOAR tool sets. Such commands can be used to stop particular threat conversations – east west as well as north south and it’s done independently without impacting network gear and firewalls with complicated error prone policies. What’s truly unique is the ability to stop a threat conversation from within the network without shutting down a particular compromised asset like a critical server. This can keep production processes running while safely bringing up backup devices to take over.
These unique capabilities increase not only the speed and accuracy of detecting network born threats but does the same for incident remediation – a true breakthrough. The reduced data can also reduce costs if charges are assessed based upon the amount of data ingested.
With the central orchestration and management provided by the ARIA SDS Platform the PI application is not only simple to deploy but also scales to one or hundreds of instances across a wide-spread organization. The ARIA PI solution is offered in four configurations, each designed to meet a variety of security needs:
This fully automated solution identifies and classifies all network traffic at full line rates of 10G or 25G with no loss of application performance. The PI Threat Analytics configuration improves network visibility by providing Netflow metadata and application ID information for each traffic stream, allowing for quicker identification of threats.
Deployed either through a tap or switch span the classified and specified traffic streams are directed to the appropriate security toolsets, including SIEMs, IDS, UEBA, and DLP for further analysis. Additional, adaptive filtering, including shunting, allows detection tools to operate more effectively by focusing analysis on the most relevant traffic.
When deployed in-line and paired with security threat detection solutions supporting automated scripts and workflows including SOAR solutions, threats can be immediately stopped as they are detected. Direct central management and control, through the GUI allows SOC teams to quickly stop a threat. While leveraging the APIs offers the ability to eliminate the manual effort required to stop the threats. The solution’s high-availability features provide the resiliency required for critical production network in-line deployment.
The most robust configuration is a complete turnkey approach providing full network-based threat detection or protection via direct integration with third party IDS tools, to detect threats or if in-line: via IPS to detect and to take automatic, actions to stop or disrupt threats once detected. This preconfigured solution gives organizations a cost-effective centralized and orchestrated way to secure their environment, and provides the right data needed for security teams to perform any required IR activities.
To learn more about the ARIA Packet Intelligence application and other CSPi cybersecurity solutions visit booth #6480, in the North Expo hall at RSA 2019.
About CSP Inc.
CSPi (NASDAQ:CSPI) maintains two distinct and dynamic divisions – the High Performance Products, including the Cybersecurity Center of Excellence, and Technology Solutions – with a shared vision for technology excellence. CSPi’s cybersecurity solutions are born from network security, data protection and intelligence initiatives with the department of defense and western intelligence agencies. This experience provides a unique perspective to protecting an organization’s critical assets to minimize, or remove, the impact threats including data breaches. Our ARIA Software Defined Security platform solves the complexities associated with securing devops environments, while our Myricom nVoy Series appliances provide automated breach identification and notification, enabled by the 10G dropless packet capture inherent in our Myricom® ARC intelligent adapters. CSPi’s Technology Solutions division helps clients achieve their business goals and accelerate time to market through innovative IT solutions and security services by partnering with best in class technology providers. For organizations that want the benefits of an IT department without the cost, we offer a robust catalog of Managed IT Services providing 24×365 proactive support. Our team of engineers have expertise across major industries supporting five key technology areas: Advanced Security; Communication and Collaboration; Data Center; Networking and Wireless & Mobility. For more information, please visit www.cspi.com. Myricom and ARIA are trademarks of CSPi Inc. All other brand names, product names or trademarks belong to their respective owners.