Deep Packet Dynamics: What Others Are Saying
Regaining visibility into your encrypted network traffic may seem like a fantasy. However, a cybersecurity approach called Deep Packet Dynamics (DPD) makes this a reality, without requiring you to break encryption.
This approach to securing your network got some attention in the information security press this week.
What are others saying about Deep Packet Dynamics?
Mirko Zorz, Editor in Chief at Help Net Security, wrote about the LiveAction solution to the encryption problem. And network defenders do face a problem here. How do you maintain network security when 90% of network traffic is encrypted?
Here is what Help Net Security is saying:
“Utilizing Deep Packet Dynamics (DPD) that eliminates the need for payload inspection, the platform analyzes more than 150 packet traits and behaviors across multi-vendor, multi-domain, and multi-cloud network environments. This helps accelerate real-time threat detection, eliminates encryption blindness, validates encryption compliance, and allows teams to better secure the entire network and coordinate responses with other security tools such as SIEM and SOAR.”
The platform that Help Net Security is reporting on is called ThreatEye NV, and it is a network detection and response (NDR) tool that takes a deep look at packet dynamics and analyzes their behaviors. It combines encrypted traffic analysis (ETA) and machine learning (ML) to detect advanced threats on the network, regardless of encryption status.
Use cases for this strategy include:
- Ransomware attack detection
- Phishing Detection
- Lateral movement detection
- Insider threat detection
- Data exfiltration detection
- Modern threats of all kinds
How do we deploy this Deep Packet Dynamics tool?
You can forget about having an expensive technology stack at every network exit point. Many NDR tools that rely on decrypting network traffic are set up like this and it’s both expensive and degrading to network performance. That decryption approach also requires agents and is typically limited to Windows and Linux parts of your network.
However, with ThreatEye NV’s deep packet dynamics approach, you use lightweight probes that are easily deployed from edge, to core, to cloud, so you can monitor and detect anomalies on your entire network. Monitoring is completely vendor-agnostic. And because you are tracking behaviors, this approach is unfazed by encryption. Hackers and insiders trying to hide behind encryption will still be detected because of how they behave. In fact, you can expect complex event processing which uses ML to learn more about your environment in order to make determinations by correlating multiple events.
Alerts are SOC ready and are delivered to network defenders with threat level and Mitre ATT&CK framework labeling.
How can I test this deep packet dynamics approach to network security?
Here are several ways to learn more about deep packet dynamics and even try it out at your own organization. Because new threats require new approaches to protect the network.
Request: Inquire about a demonstration of ThreatEye NV
Experience: Ask about a free trial of this DPD approach