sycope Security Modul
Up to 30,000 flows per second
Product information "sycope Security Modul"
Limited budget? Request your attractive offer now!
Sycope is a network monitoring and security solution using real-time flow analysis, enriched with business context, to help businesses assess performance and protect IT infrastructure. It records, processes, and analyses all parameters contained in flows, enhanced by SNMP, geolocation, and security feeds. Sycope is designed to discover network events and issues, measure delays and identify security threats. The security feature of Sycope is based on the MITRE ATT&CK methodology. Rules and security incident detection mechanisms make it possible to detect attacks and undesirable activities on the network.
Key benefits
- Smarter network monitoring: ensure optimal network and application performance.
- Analysing data in context: from generality to forensic detail.
- Avoiding downtime while it is still possible: reduce risk and avoid costs.
- Reducing time to response: comfort of work during peak times, thanks to high efficiency.
- Flexibility & Customisation: contextual search bar, custom dashboards and widgets.
- System coherency: 3 modules, one informative GUI.
Key Features
Real-time flow analysis
- NetFlow v5/9, IPFIX, NSEL, sFlow, sampling support
- Enhanced by SNMP, geolocation, security feeds
- Data deduplication
- NQL proprietary language
- Support for IPv4, IPv6
- Non-standard fields analysis including NAT, MPLS
Big Data dedicated for network observability
Analyse data choosing from many fields:
AS Name by IP, IP Address Name, AS Names, Application Name, Protocol Name, Server IP, Name, Client IP Name, AS Name, ToS Names, Interface Name, Exporter IP (Name), Exporter Location, Exporter Description, ToS Name, Direction, Application ID, Server TCP Flags, Client TCP Flags, Bytes, Packets.
Analyse non-standard flow fields:
PostNatSrcIp, postNatSrcPort, applicationId, firewallEvent, fwExtEvent, minPacketLength, maxPacketLength, flowLabel, clientMaxTtl, srcVlan, dstVlan, ipv6OptionHeaders, mplsLabel1-5, retransmittedInPackets, retransmittedOutPackets, retransmittedInBytes, retransmittedOutBytes, clientNetworkTime, serverNetworkTime, initialServerResponseTime.
Choose from multiple calculated metrics (calculated based on flow fields):
Sum Flows/s, Sum Out Bits/s, Sum In Bits/s, Sum Bits/s, Sum Server Bits/pkt, Sum Client Bits/pkt, Sum Bytes/packet, Sum Packets/flow, Sum Packets/second, Sum Client Bits/flow, Sum Server Bits/flow, Sum Bytes, Sum Server Packets/flow, Sum Client Packets/flow, Unique Client Ips, Sum Avg Packets/s, Sum Client Bits/s, Sum Server Bits/s, Sum Server Packets/s, Sum Client Packets/s, Sum Packets, Unique Server Ports, Unique Server Ips, Unique ASNs, Avg Out Packets/s, Avg In Packets/s, Avg Packets/s, Packets/s, Avg Flows/s, % Out Retransmitted Packets, Avg Server Packets/flow, Avg Server Bits/flow, % In Retransmitted Packets, Avg Client Packets/flow, Avg Client Bits/flow, Avg Server Bits/pkt, Avg Client Bits/pkt, Bits/s, Bits.
Select date/time range over standard values:
Choose from predefined or custom timeframes.
Fast access to critical information
The system has been provided with interactive diagrams, tables and maps containing critical data, statistics and indicators, enabling the analysis of network behavior patterns and supporting the incident handling of discovered issues.
Extensive filtering:
- Maintain the time context and filters between views.
- Easily move filters between the views.
- Save complex search filters and time context (bookmarks).
Automatic mapping of values in the system:
- User configurable sets of names, terms, values.
- Out-of-the-box: application names, countries, AS, MITRE techniques.
Easy top-down access:
- Drilldown mechanisms enable viewing of data for a specific port, interface or IP address.
Access to external services:
- The system enables access to external services, such as VirusTotal, directly from the view under analysis (via right-click) for further analysis of data.
- Feeds server – dynamic identification of the global threats based on integration with the Sycope Cyber Threat Intelligence (CTI) platform.
Key modules features
VISIBILITY
L3 and L4 data analysis, network data mining, lists of connections per IP address, protocol, port, country, ASN or QoS. Network traffic analysis at the level of a single TCP/UDP port, out-of-the-box anomaly detection, dedicated dashboards.
PERFORMANCE
L7 analysis, dedicated Sycope probe (including measurements of fields: % Client Retransmitted Packets, % Server Retransmitted Packets). Response time measurement, real-life app performance measurement, retransmissions detection, combine network applications and metrics, additional data sources (DPI for L7), dedicated performance dashboards.
SECURITY
More than 45 security detection rules, detection rules customization. Active mitigation using a NAC system, MITRE ATT&CK Framework mapping, Sycope CTI (actively monitors a number of sources, analyses them, and generates a unified list of current Indicators of Compromise (IoCs)), ability to create custom rules, dedicated security dashboards including SOC.
only €10,999.50*
Gross price: €13,089.41
Product number: SYC-2-SEC-B-COM
- Available in 1 day, delivery time 1-3 days