NetQuest Introduces Next-Generation Lower Density Streaming Network Sensor

0
76

 NetQuest, the market leading global provider of ultra-scale Flow and Packet-Based network intelligence solutions for cybersecurity visibility today announced the expansion of its Streaming Network Sensor™ portfolio to extend powerful network visibility further out to the network edge. The next-generation SNS750 is a compact one rack unit (1RU), high-performance monitoring appliance that delivers 1:1 unsampled NetFlow with Enriched Flow Intelligence™ for 100% of the packets observed at line rate to enable highly optimized and unobscured visibility into clear and encrypted network traffic.

As organizations are confronted with the massive amount of network traffic to monitor, they struggle with cost-effectively gaining visibility into all network traffic crossing the network estate. Traditionally, network traffic monitoring has been focused at peering points or other high-density aggregation locations due to monitoring device size and high costs. While NetFlow generation has become ubiquitous in routers and switches, these platforms typically provide sampled NetFlow, where only a portion of network traffic is analyzed to limit the undesirable performance impacts from NetFlow creation. While sampling reduces the processing burden on performance-sensitive infrastructure, it also significantly reduces the traffic visibility value and fidelity, which can miss important indicators of malicious threat activity.

The new SNS750 addresses both of these challenges. The SNS750 consolidates and integrates the deployment-proven, ultra-scale DPI classification and Machine Learning Enriched Flow Intelligence capabilities found in the larger and higher density 3RU SNS1000. The SNS750 has been optimized for deployment at the network edge and smaller or space-constrained sites where fewer ports are needed. The compact 1RU platform supports up to four ports of 100 Gigabit Ethernet, and up to 400Gbps of network traffic ingest to support lower density deployments without compromising performance or the depth of enriched traffic visibility. The rich network intelligence delivered by the SNS750 allows operators to achieve unobscured observability of clear and encrypted network traffic to identify evasive and emerging malicious activities sooner in the kill chain.

“The SNS750 enables our powerful carrier-class Streaming Network Sensor technology to be deployed more affordably in areas closer to the user, including mid-tier distribution points, branch offices, smaller PoPs, and remote data centers,” said Jesse Price, president, and chief executive officer, NetQuest. “By combining and integrating the same advanced Enriched Flow Intelligence capabilities found in our higher capacity SNS1000, the SNS750 appliance has been rightsized without compromising performance or scale to meet the mission-critical requirements of service provider, government and enterprise organizations to enable deep and sustained visibility into high-volume, transaction-intensive network traffic for deployment at the network edge.”

The Value of Unsampled Flow Metadata

Organizations everywhere struggle to keep up with the massive amount of network traffic to monitor. The continuous monitoring of network traffic on a single 100 Gigabit (Gb) link can generate up to 45 Terabytes (TB) of raw packet traffic per hour. This equates to more than 1 Petabyte (PB) of traffic per day. Unsampled flow metadata is a direct 1:1 abstraction of network traffic based upon full packet analysis of the wire data. It provides a lower footprint, high-value data set with critical insights about who is connecting to the network and what is being accessed and shared without the burden of collecting, storing, and sifting through massive volumes of network packets at the analysis layer. Translating network traffic one-for-one to metadata results in up to a 99.5% reduction in traffic load and overcomes the unsurmountable challenges network traffic volumes pose to the continuous observation of all traffic in motion. Unsampled Flow-based network visibility is extremely effective at exposing new, unknown malware, zero-day exploits, and attacks that are slow to develop and can identify rogue behavior by network insiders, or insider identities that have been hacked.

Enriched Flow Intelligence

SNS750 provides uncompromising application-level and encrypted traffic visibility that automates and accelerates the detection of threats, anomalous activity, evasive traffic, and Indicators of Compromise (IoC), to enable deep network and user traffic intelligence. With Enriched Flow Intelligence activated, the SNS750 automatically discovers and exposes application classifications, protocol-specific attributes, and encrypted traffic metrics at ultra-scale speeds with no performance impacts or reduction in sensor capacity.

Encrypted Traffic Analysis (ETA)
Identifies encrypted flows and automates the extraction of fingerprints signatures, and heuristics. This enables identifying threats hiding in encrypted traffic such as command and control attacks, malware, and data exfiltration. This includes encrypted traffic analysis of TLS, TLS 1.3, QUIC, SSH and extracting encrypted traffic fingerprints such as JA4, JA3C, JA3S, HASSH.

Protocol and Application-Level Enrichment
Identifies the applications in use and relevant Layer 7 attributes within the network traffic to power deep network and user traffic intelligence that accelerates the detection of threats, anomalous activity, and evasive traffic. This includes identifying 3800+ Layer 7 applications, exposing protocol-specific metadata, such as DNS, HTTP, SIP, BGP, MPLS, SIP, and relevant mobile user details such as IMEI, IMSI, MSISDN.

“Today’s highly distributed computing environments require network observability close to the edge to identify threats before nefarious actors have a chance to penetrate deeper into critical systems,” said Stephen Collins, principal consultant at 1024tm. “Security analysts require in-depth, gigabit-speed, packet-level network intelligence at the edge, and at an affordable price point. NetQuest’s expansion of its Streaming Network Sensor portfolio satisfies this need, providing extensive visibility into traffic flows, including encrypted sessions, to expose threats that would elude less powerful observability platforms.”

Availability

The Network Intelligence provided by the Streaming Network Sensor provides invaluable real-time insights that are easily consumed by a wide range of security platforms such as SIEM, SOAR, XDR, NDR, Threat Detection, and security monitoring, and can be delivered to security data lakes and warehouses that gather network intelligence for multiple security applications. The SNS750 is currently in field trials and will be generally available in early Q2 2024.

About NetQuest
NetQuest provides market-leading Ethernet and WAN Flow and Packet-Based traffic monitoring solutions that deliver the highest levels of accuracy, capacity, and performance at scale. Monitoring solutions from NetQuest are deployment-proven across thousands of network segments in enterprise, carrier, government, and defense agency networks across the globe, empowering security operations teams with high-scale visibility and actionable traffic intelligence. Founded in 1987 and based in Mount Laurel, New Jersey, NetQuest is an employee-owned business with a 30-year track record of providing innovative and market-defining traffic monitoring solutions. For more information, visit https://www.netquestcorp.com.

NetQuest Corporation
Zachary Ziobro
856-866-0860
https://netquestcorp.com

ContactContact

NetQuest's Streaming Network Sensors Product Brief

Categories

  • Business
  • Cloud Computing
  • Computer Programming
  • Computer Security
  • Internet Technology
  • Mobile & Wireless
  • Software
  • Technology
  • Telecommunications