Enea last week announced the availability of the Qosmos Probe 2.0 configured as a Deep Packet Inspection (DPI) sensor, designed to strengthen cyber threat hunting capabilities at Security Operations Centers (SOCs).
Enea says that SOCs need accurate traffic intelligence to identify advanced threats that evade traditional cyber incident detection and protection solutions. Configured as a DPI sensor, the Qosmos Probe provides detailed, real-time traffic information about applications and protocols. The extracted data is formatted in a normalized stream for easy consumption by security analytics, Security Information and Event Management (SIEM), or other incident response tools.
The Qosmos Probe leverages the power of the ixEngine DPI engine to deliver best-in-class traffic intelligence:
- Complete visibility up to the application level (OSI layer 7)
- Classification of 3000+ protocols
- Extraction of 5000+ application metadata
- Flexible management interfaces with support for NETCONF, REST, CLI
- Information can be exported in multiple standard formats (CSV, IPFIX, JSON, etc.)
- Connectors for open source databases (Elasticsearch, InfluxDB, etc.)
- Cloud-native architecture suitable for virtualized environments (OpenStack, VMware) and cloud-based applications
The benefits of the Enea Qosmos Probe for SOCs include:
- Improved threat hunting capabilities based on detailed real-time traffic information
- Size of forensic data reduced by up to 150x compared to full packet capture (FPC)
- Fewer false positives when using information from the DPI sensor to improve rules for Intrusion Detection and Prevention Systems (IDPS).
Jean-Philippe Lion, SVP of the DPI Business Unit, Enea
Cyber threats are becoming increasingly sophisticated and therefore Security Operations Centers need highly effective detection capabilities. The Qosmos probe is an essential source of information to identify and protect against the most advanced attacks.