ProtectWise Intrusion Detection System (IDS)
What is ProtectWise
ProtectWise Grid is a full PCAP solution designed specifically for security and incident response use cases. Leveraging an advanced architecture for retrieval, storage and processing, ProtectWise Grid delivers a far more robust feature set than legacy PCAP security solutions. While delivering traditional search and retrieval functions, ProtectWise Grid extends the platform to incorporate built-in threat intelligence, event correlation and curation, IDS processing, static file analysis, retrospective analysis, custom intelligence feeds, machine learning and workflow methodology.
ProtectWise is designed to provide incident response teams with actionable intelligence beyond raw PCAP retrieval. ProtectWise Grid is a platform that integrates across existing enterprise security architectures while empowering incident responders to effectively uncover, identify, hunt, and mitigate cyber attacks.
ProtectWise Grid - Key Advantages
Wisdom Engine - Automated and Continuous Threat Detection
ProtectWise Grid's adaptive threat engine leverages its cloud paradigm to deliver both real-time and retrospective threat detection. By continuously analyzing full-fidelity network data, the Wisdom Engine provides more complete threat detection through a hierarchy of expert systems:
Correlated Threat Intelligence
Reputation data (IP, URL, DNS) and network threat intelligence are applied across the data. Advanced network intelligence covers contextual flows, protocol discovery, device behavior, and kill chain analysis. The engine leverages correlation, heuristics, behavioral analysis, and machine learning.
Time Machine Analytics
Unlike physical appliances and on-premises storage approaches, ProtectWise benefits from a retrospective view of network traffic. New threat intelligence is automatically processed against the entire stored data set to uncover latent threats that slipped past perimeter defensive technologies.
Built on highly scalable big data search methodologies, ProtectWise Grid layers on a high-performance visualization methodology that allows querying of massive data sets in seconds. The interface is both imaginative and intuitive, with a number of features developed by special effects technicians for an easy-to-navigate, futuristic look and feel.
Integrations and APIs
The platform is designed to work cohesively with existing security products and investments. ProtectWise Grid provides direct integrations to existing products including:
● Palo Alto Networks
● Carbon Black
● Splunk (including a Splunk app)
Additionally, through partnerships with Demisto and Phantom Cyber, ProtectWise can further integrate with hundreds of security products and technologies.
Built with a complete API access methodology, ProtectWise can be extended by customers to address unique requirements not supported by traditional integrations.