Provides the deep visibility needed to stop network-borne attacks early in the kill chain
The ARIA Packet Intelligence application creates unsampled NetFlow or IPFIX metadata for every network packet. This allows for the detection of network-borne attacks, including ransomware, malware, APTs and intrusions early in the kill chain before significant harm occurs. Visualize and profile all internal network traffic.
Once attacks are identified by the ARIA Sumo Logic queries, the ARIA Packet Intelligence application can take action to stop the attacks at the conversation level. SOC teams using the ARIA SDS interface, or a SOAR application that is driving through APIs, instructs the ARIA SDS instances, which are deployed in line within the network, to stop the specific threat conversations based on the packet SRC/DST or 5 tuple. All the while, taking out the threat conversations and leaving critical devices and production VMs online.
ARIA SDS classifies all network traffic, in real-time, as it traverses the network. Once the Sumo Logic queries detect threats from the metadata generated by ARIA SDS, it allows SOAR applications, such as Demisto, to automatically drive the ARIA Packet Intelligence application to redirect live streams, or copies, of selected traffic data conversations, as set on filters like Packet SRC/DST, for further inspection, by central detection tools like an IPS/IPS and DLP.
An at-a-glance view, generated by data from ARIA SDS Packet Intelligence, to provide insight into network security posture. This provides a drill down summary of critical threats and attacks
Provides a drill down view as to what is communicating within your organization.
