
Feb 22

Deploying security-analytics-as-a-service to dissect network attacks

From: ComputerWorld

Packetloop is a new cloud-based service that lets users drill down into network attacks based on uploaded packet captures

Rohan Pearce (CSO Online (Australia))

Sydney-based start-up Packetloop has gone live with its security-analytics-as-a-service offering. The service came out of private beta earlier this month.

The service, which leverages Amazon Web Services’ cloud, lets users upload full network packet captures, which are then analysed by Packetloop to produce a record of attacks against an organisation’s network, complete with visualisations.

“First and foremost it’s about analytics,” Packetloop CEO and co-founder Scott Crane says. “Getting analytics into the hands of the average security user.”

The service encourages users to maintain full records of network traffic, allowing them to trawl through past data when threat profiles are updated to discover zero day attacks, and letting users track APTs from their inception.

Network packets can be captured through switch port mirroring. After the data is processed on-premise by tools such as Wireshark or Pcapper, packet capture files can be uploaded to Packetloop.

Ease of use and the speed with which Packetloop can be employed by organisations are selling points for Crane.

“It’s a lot less integration than a SIEM [Security Information and Event Management], from the point of view of having to bring in agents and collectors then set up all these parsers that interpret the log and write it into the SIEM’s format,” Crane says.

“I think our biggest push, and one of the reasons we’re in Amazon, is accessibility,” he adds. “So if you look at our biggest competitors in this space, they’re all appliance driven and they’re expensive, on-premise solutions.

“If you want to go out and use one of our competitors tomorrow it’s difficult. If you want to use us tomorrow, you run the packet capture, upload the packet capture, we process it and you see it. So we’re down to a matter of hours after.”

Crane says that because the Packetloop service is based on packet capture data, there’s no information lost in processing. “It’s not a log and then the correlation of the log with another log, then presented via some engine. You’re looking at the raw data. And if I want to go back and revisit the data, I can do that.”

After processing, data is presented in a Google Analytics-style Web interface. Users can narrow scope down to a particular timeframe (including drilling down to a visual minute-by-minute breakdown). Pivot tables let users view attacks by origin, type and target, as well as time.
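As an added illustration of the kind of time/origin/target pivot over raw packet captures described above (example code written for this page, not Packetloop's or the article's), the following reads a classic libpcap file and counts IPv4 packets per UTC minute, source and destination. It assumes the classic libpcap format (not pcapng) with an Ethernet link type; the sample capture it analyses is constructed inline.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

PCAP_MAGIC_LE, PCAP_MAGIC_BE = 0xA1B2C3D4, 0xD4C3B2A1
ETHERTYPE_IPV4, LINKTYPE_ETHERNET = 0x0800, 1

def parse_pcap(data: bytes):
    """Yield (ts_sec, frame) per record of a classic libpcap file: 24-byte global header, 16-byte record headers."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    endian = {PCAP_MAGIC_LE: "<", PCAP_MAGIC_BE: ">"}.get(struct.unpack("<I", data[:4])[0])
    if endian is None:
        raise ValueError("not a libpcap file (pcapng and other formats are out of scope here)")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record: stop rather than mis-parse what follows
        offset += 16 + incl_len
        yield ts_sec, frame

def pivot_by_minute(data: bytes) -> Counter:
    """Count IPv4 packets per (UTC minute, source IP, destination IP); non-IPv4 frames are skipped."""
    counts = Counter()
    for ts_sec, frame in parse_pcap(data):
        if len(frame) < 34 or frame[12:14] != struct.pack("!H", ETHERTYPE_IPV4):
            continue
        src = ".".join(map(str, frame[26:30]))  # IPv4 header begins at offset 14; src at +12, dst at +16
        dst = ".".join(map(str, frame[30:34]))
        minute = datetime.fromtimestamp(ts_sec - ts_sec % 60, tz=timezone.utc).strftime("%Y-%m-%d %H:%M")
        counts[(minute, src, dst)] += 1
    return counts

def build_sample_capture() -> bytes:
    """Constructed sample (not real traffic): three IPv4 frames and one ARP frame spanning two minutes."""
    def ipv4_frame(src, dst):  # Ethernet header + minimal 20-byte IPv4 header, no payload
        return (b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + bytes([0x45, 0])
                + struct.pack("!HHHBBH", 20, 0, 0, 64, 6, 0) + bytes(src) + bytes(dst))
    arp_frame = b"\x00" * 12 + struct.pack("!H", 0x0806) + b"\x00" * 28
    a, b, c = (10, 0, 0, 5), (172, 16, 0, 9), (192, 168, 1, 10)
    records = [(1361491200, ipv4_frame(a, c)), (1361491230, ipv4_frame(a, c)),
               (1361491245, arp_frame), (1361491260, ipv4_frame(b, c))]  # 2013-02-22 00:00-00:01 UTC
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in records:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out
```

Running `pivot_by_minute(build_sample_capture())` yields two rows: two packets from 10.0.0.5 to 192.168.1.10 in the first minute and one from 172.16.0.9 in the second, with the ARP frame ignored.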

Attack statistics can also be compared against global averages.

Some 250 users participated in the Packetloop beta, ranging from “huge security companies” to security consultancies, government and academics, Crane said.

Although Packetloop is offered as an internet-delivered service, the company is also investigating the potential to offer an appliance-based option for customers.

Packetloop charges US$4.99 per gigabyte per month for uploads up to one terabyte, and US$2.99 per GB per month for uploads up to 10TB.
