
ARIA Packet Intelligence App for Sumo Logic

Provides the deep visibility needed to stop network-borne attacks early in the kill chain

Gain insights into your internal network traffic to accelerate incident detection and response

Valuable Security Insights

Detect network cyber-attacks

The ARIA Packet Intelligence application creates unsampled NetFlow or IPFIX metadata for every network packet. This allows for the detection of network-borne attacks, including ransomware, malware, APTs and intrusions early in the kill chain before significant harm occurs. Visualize and profile all internal network traffic.

In Depth Security

Stop attacks immediately

Once attacks are identified by the ARIA Sumo Logic queries, the ARIA Packet Intelligence application can take action to stop the attacks at the conversation level. SOC teams using the ARIA SDS interface, or a SOAR application driving it through APIs, instruct the ARIA SDS instances, which are deployed in line within the network, to stop the specific threat conversations based on the packet SRC/DST or 5-tuple. This takes out the threat conversations while leaving critical devices and production VMs online.

Logs

Classify network threats

ARIA SDS classifies all network traffic in real time as it traverses the network. Once the Sumo Logic queries detect threats from the metadata generated by ARIA SDS, SOAR applications, such as Demisto, can automatically drive the ARIA Packet Intelligence application to redirect live streams, or copies, of selected traffic conversations, chosen by filters such as packet SRC/DST, to central detection tools like an IPS/IPS and DLP for further inspection.