SS8 built its network traffic-inspection and analysis platform as a tool for intelligence agencies to discover communications among criminals and terrorists but now has scaled it back for enterprises to stop data breaches.
Called BreachDetect, the business-sized software gathers highly detailed network traffic data that discovers application flows and the activity of individual machines and analyzes them to find anomalies that indicate foul play.
The platform also stores the information it collects so it can be analyzed over and over as new threat indicators are identified. That way corporate security pros can discover threats that may have been lurking undetected for months and figure out when and how they got there, SS8 says.
Similar approaches, with variations, are used by TaaSERA, Cybereason, Damballa, LightCyber and Vectra as well as vendors with broader portfolios such as Carbon Black, Black Ensilo, Fireeye, Guidance, Promisec, Resolution1 Security, and Tanium. The basic thrust is to find suspicious behaviors quickly so they can be blocked.
The product SS8 sells to intelligence and law enforcement agencies can process terabits per second, but BreachDetect is pared down to operate at gigabits per second. It also has streamlined workflows built in to make using the analytics more straightforward for less sophisticated users.
Its near-real-time analysis can correlate suspicious activity on the fly to halt data breaches as they unfold, anywhere from reconnaissance to attempts at exfiltrating.
Customers can store the data gathered indefinitely, giving them a historical record of activity that the BreachDetect’s Learning Analytic Engine can comb through again and again as it learns more about actual threats. SS8 calls this capability a time machine for breach detection.
The sensors are deployed at exit points from the customer network to the Internet where it classifies traffic by protocols but works its way down to inspecting flow content.
SS8 charges customers based on two factors: the average monthly rate at which it analyzes data and how long the data is stored. An average rate of 100Mbps costs $1,200 per month. That amount of data is stored for $400 per month. BreachDetect is sold either as an on-premises platform or a cloud service.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.