NetQuest and ElastiFlow Provide 100G Encrypted Traffic Analysis for Carrier-Scale Threat Hunting
“The increase in encrypted traffic is blinding most traditional security tools, making this the perfect time for our SNS1000 sensor’s encrypted traffic analysis feature set,” said Jesse Price, CEO of NetQuest Corporation. “We are excited to address one of the most critical network security issues facing our customers: declining threat visibility.”
With a large attack surface and a volume of encrypted traffic on the public internet exceeding 80%, SecOps teams need advanced visibility solutions that can help detect malicious actors who deliberately hide behind standard encryption protocols. Global telecommunications providers are challenged to evolve their network analysis techniques while monitoring a staggering scale of millions of parallel conversations.
The Encrypted Traffic Analysis feature set includes:
· Machine learning and other behavior-based techniques to identify more than 2,500 Layer 7 applications in encrypted and evasive traffic streams.
· Protocol-specific intelligence extracted from standard TLS and QUIC handshakes, including version information, ciphers, and other details of the exchanged encryption certificate.
· Identification of flow-based fingerprints such as JA3 and HASSH to match known indicators of compromise (IoCs).
“As the use of encryption continues to increase, defenders need increased visibility into encrypted network flows to separate legitimate behavior from malicious activity when decryption is not an option,” said Rob Cowart, founder and CEO of ElastiFlow. “It’s not just about analyzing network traffic, it’s about an overlay of data and information that our users need to access to make critical security decisions.”
NetQuest and ElastiFlow will present a product demonstration at this week’s RSA Conference in San Francisco. The joint application broadcasts information from encrypted TLS and QUIC traffic links operating at 100G. The NetQuest Broadcast Network Sensor generates unsampled stream recordings representing 100% of encrypted traffic conversations, including insightful metadata unique to the encryption protocol used. Metadata is transformed and enriched by ElastiFlow Unified Flow Collector for real-time analysis and threat hunting in the Elastic security stack.
For more information on NetQuest’s streaming network sensors, visit: https://netquestcorp.com/products/streaming-network-sensors
For more information on ElastiFlow’s Unified Flow Collector, visit: https://www.elastiflow.com/product
NetQuest designs, manufactures and markets advanced cyber intelligence solutions for network service providers, large enterprises and government agencies for national defense and network security applications. Founded in 1987 and based in Mount Laurel, New Jersey, NetQuest is an employee-owned company. With 30 years of experience delivering industry-leading IT solutions, NetQuest has developed a global customer base, marketing directly and through a network of strategic partners, value-added resellers and representatives.
ElastiFlow provides the world’s most scalable and powerful network performance and security analysis solutions. Networks and the people who design, deploy and maintain them are the unsung heroes of the modern world we live in. Whether for business, healthcare, entertainment, or socializing, we all depend on the reliability, performance, and security of network infrastructure. With support for over 6700 network traffic attributes from hundreds of providers, ElastiFlow was created to provide the visibility and insights needed to make this world possible.