LiveAction Launches ThreatEye, a Network Detection and Response Platform That Delivers Complete Encrypted Traffic Analysis and Visibility
Combining next-generation data collection, advanced behavior analysis and streaming machine learning, ThreatEye uses more than 150 flow features with Deep Packet Dynamics for unprecedented threat and anomaly detection
Palo Alto, Calif. – January 25, 2022 – LiveAction, a leader in end-to-end visibility for network security and performance, today announced the release of ThreatEye. A network detection and response (NDR) platform, ThreatEye combines next-generation data collection, advanced behavior analysis and streaming machine learning to give SecOps teams unprecedented visibility into encrypted traffic, threats and network anomalies. Utilizing Deep Packet Dynamics (DPD), which eliminates the need for payload inspection, the platform analyzes more than 150 packet traits and behaviors across multi-vendor, multi-domain and multi-cloud network environments. This helps teams accelerate real-time threat detection, eliminate encryption blindness, validate encryption compliance, better secure the entire network, and coordinate responses with other security tools such as SIEM and SOAR.
“Having comprehensive visibility into encrypted traffic and being able to automate advanced analysis of that data in real time is critical to protecting against today’s advanced threats. Traditional tools rely on deep packet inspection or rules-based monitoring, which impacts performance and is proven to no longer be sufficient,” said Thomas Pore, Director of Security Products at LiveAction. “ThreatEye uses new DPD technology that provides high-fidelity flow records that analyze more than 150 packet and flow features, all without payload inspection, which can negatively impact performance. When combined with advanced data collection and machine learning models, customers get the industry’s most powerful NDR solution.”
ThreatEye was designed to help organizations and their SecOps teams improve threat detection and prevent adversaries from executing successful disruptive and damaging attacks. Key updates to the platform include more than 150 new detection capabilities, including advanced behavior anomaly detection, encrypted metadata threat detections, plaintext metadata threat detections, AI/ML-driven detections, AI/ML-driven encryption inventory, DNS/DoH detections, and Active Exploit Detections. The platform also offers continuous packet capture with single-click pivot-to-PCAP through a new ThreatEye probe integration with LiveAction’s LiveWire, which extends packet-to-flow visibility of virtual infrastructure. The combination of threat detection and encrypted traffic analysis with packet capture delivers unmatched visibility for SecOps teams looking to improve their security strategy and response capabilities.
Key benefits and features of ThreatEye:
- Real-Time Threat and Anomaly Detection – ThreatEye’s Deep Packet Dynamics (DPD) is agnostic to packet contents and uses a rich metadata set of more than 150 packet dynamic features to create a historical inventory of traits and behaviors for profiling and fingerprinting, a technique that works equally well with both encrypted and unencrypted traffic. Machine learning models are applied to identify advanced behavioral threat actor anomalies, and the platform is designed to process millions of events per second in real time.
- Eliminate Encryption Blindness and Validate Compliance – Increasing adoption of encrypted network protocols is eroding network visibility for security teams, and legacy tools are losing sight of traffic as a result. Applying ML to DPD enables encrypted traffic analysis without decryption or performance degradation. The platform also provides encryption-policy-specific alerting and reporting for security compliance.
- Simple Deployment to Secure the Entire Network – ThreatEye is a SaaS offering with software sensors deployed as containerized software applications. This containerized approach allows the solution to be deployed either on-premises, in a private or public cloud, or a mixture of both. From core to edge to cloud, ThreatEye includes lightweight, easy-to-deploy software sensors available for deployment anywhere and everywhere visibility is needed.
- SOC Enabled – A multi-stage analysis pipeline correlates and enriches traffic with finding details, risk scores, and MITRE ATT&CK labeling, dramatically decreasing the time to investigate and respond. Teams can respond in real time and accelerate triage with integrated packet analysis. ThreatEye’s SaaS offering includes SOC-enabled dashboards to further drive response efficiency.
- Coordinate a Cohesive Security Response – ThreatEye interconnects seamlessly with existing security tools like SIEMs, SOAR, and Threat Intelligence. Workflow automation with products like Cisco SecureX allows teams to take immediate action on security events to quarantine hosts or block threats. SIEM integration can correlate EDR events with malicious activity on previously unseen encrypted channels.
- Streaming Machine Learning Analysis – Powered by a streaming machine learning engine, the platform ingests high-fidelity metadata generated by its software probes. The ML engine is purpose-built for network security and unlike traditional batch processing, streaming ML is fueled by analyzers – or models – engineered to analyze network traffic without multiple passes over the data stream. These models are custom-built for specific security and visibility use cases and scale via parallel processing.
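The first two bullets above describe the general idea behind packet-dynamics analysis: derive flow features from packet sizes, directions and timing alone, never from payload, so the same profiling works on encrypted and plaintext traffic. The following Python is an added illustration of that idea written for this page; it is not LiveAction's or ThreatEye's code, and the seven features, the z-score threshold and the constructed "browsing" baseline and "beaconing" flow are assumptions chosen for the example, not any of the 150+ DPD features the release mentions.

```python
"""Packet-dynamics features for encrypted flows and a baseline-deviation check.

Added example, not ThreatEye code. Every packet carries only timestamp,
direction and wire length; nothing here looks at payload bytes.
"""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Tuple


@dataclass
class Packet:
    ts: float       # capture time in seconds
    outbound: bool  # True for client -> server
    length: int     # bytes on the wire


def flow_features(pkts: List[Packet]) -> Dict[str, float]:
    """Compute timing/size/direction features for one flow (assumed feature set)."""
    if len(pkts) < 2:
        raise ValueError("need at least two packets to derive timing features")
    pkts = sorted(pkts, key=lambda p: p.ts)
    lengths = [p.length for p in pkts]
    gaps = [b.ts - a.ts for a, b in zip(pkts, pkts[1:])]  # inter-arrival times
    out_bytes = sum(p.length for p in pkts if p.outbound)
    in_bytes = sum(p.length for p in pkts if not p.outbound)
    mean_gap = mean(gaps)
    return {
        "pkt_count": float(len(pkts)),
        "mean_len": mean(lengths),
        "std_len": pstdev(lengths),
        "mean_gap": mean_gap,
        # coefficient of variation of gaps: ~0 means metronome-like timing
        "cv_gap": pstdev(gaps) / mean_gap if mean_gap > 0 else 0.0,
        "out_ratio": out_bytes / (out_bytes + in_bytes),
        "duration": pkts[-1].ts - pkts[0].ts,
    }


def build_profile(flows: List[List[Packet]]) -> Dict[str, Tuple[float, float]]:
    """Per-feature (mean, population stdev) over a set of known-benign flows."""
    feats = [flow_features(f) for f in flows]
    profile = {}
    for key in feats[0]:
        values = [f[key] for f in feats]
        profile[key] = (mean(values), pstdev(values))
    return profile


def flag_anomalies(profile: Dict[str, Tuple[float, float]],
                   pkts: List[Packet], threshold: float = 3.0) -> List[str]:
    """Return the features whose z-score against the baseline exceeds threshold."""
    feats = flow_features(pkts)
    flagged = []
    for key, (mu, sd) in profile.items():
        if sd > 0:
            z = abs(feats[key] - mu) / sd
        else:  # baseline had no spread: any deviation at all is anomalous
            z = 0.0 if feats[key] == mu else float("inf")
        if z > threshold:
            flagged.append(key)
    return sorted(flagged)


def synth_flow(n: int, gaps: List[float], lens: List[int], out_period: int) -> List[Packet]:
    """Constructed, deterministic flow: cycles through gap/length patterns;
    every out_period-th packet is outbound. Not captured traffic."""
    pkts, t = [], 0.0
    for i in range(n):
        t += gaps[i % len(gaps)]
        pkts.append(Packet(t, i % out_period == 0, lens[i % len(lens)]))
    return pkts


# Constructed baseline: six bursty, mixed-size "interactive browsing" flows.
BASELINE = [
    synth_flow(30, [0.05, 0.2, 0.1, 0.4], [120, 1400, 1400, 600], 3),
    synth_flow(45, [0.02, 0.3, 0.15], [90, 1400, 1000, 1400, 300], 4),
    synth_flow(28, [0.1, 0.1, 0.5], [200, 1400, 800], 2),
    synth_flow(60, [0.03, 0.25, 0.08, 0.6], [150, 1400, 1400, 1400, 400], 5),
    synth_flow(35, [0.07, 0.35], [110, 1200, 1400, 500], 3),
    synth_flow(50, [0.04, 0.18, 0.12], [130, 1400, 900, 700], 4),
]

# Constructed suspect flow: a small request every 60 s with a small reply,
# the shape of periodic check-in traffic, still fully opaque at the payload level.
BEACON = synth_flow(24, [60.0, 0.05], [96, 140], 2)


if __name__ == "__main__":
    profile = build_profile(BASELINE)
    for i, f in enumerate(BASELINE):
        print(f"baseline flow {i}: flagged={flag_anomalies(profile, f)}")
    print(f"beacon flow: flagged={flag_anomalies(profile, BEACON)}")
```

The baseline flows are never flagged at a z-score threshold of 3 because a member of a six-sample population can deviate from its own mean by at most sqrt(5) standard deviations; the periodic flow stands out on its inter-arrival time, duration and mean packet length without a single byte of payload being read, which is the visibility the release attributes to metadata-based analysis of encrypted traffic.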
LiveAction provides end-to-end visibility for network security and performance. By relying on a single source of truth – the packets – LiveAction gives modern enterprises the confidence needed to ensure the network is securely meeting business objectives, providing full network visibility to better inform NetOps and SecOps, and reducing the overall cost of network and security operations. By unifying and simplifying the source of collection, inspection, presentation, and analysis of network traffic, LiveAction empowers network and security professionals to proactively and quickly identify, troubleshoot, and resolve issues across increasingly large and complex networks. To learn more about LiveAction, visit https://www.liveaction.com.