The data, collected via small appliances throughout the network and at its perimeter, can also be used as a resource for forensic investigations into incidents.
FLOWER has been deployed in more than 100 government and business networks since 2010. It has detected and mitigated coordinated attacks and has been used to create attack signatures.
This platform analyzes network behaviors to identify likely malicious behavior and stop attacks, including zero-days for which there are no signatures.
Network events are fed to its analysis engine from existing sensors. The engine includes knowledge nodes, analysis segments tuned to certain types of network behaviors such as failed or successful SMTP attempts or failed Internet connections. Based on historical behavior, each new event is characterized as normal or abnormal.
These characterizations are fed to hypothesis nodes that conclude whether observed behavior indicates malicious activity. If malicious activity is spotted, SilentAlarm can send an alert or intervene.
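The two-stage flow described above (per-behavior baselines feeding a hypothesis stage) can be sketched as follows. This is an added illustration, not SilentAlarm's code: the class names, the mean-plus-k-standard-deviations rule, the "two abnormal behaviors" hypothesis and the sample data are all assumptions.

```python
import math
from collections import defaultdict

class KnowledgeNode:
    """Tracks one behavior type per host; labels each new count normal/abnormal."""
    def __init__(self, behavior, k=3.0, min_history=5):  # k, min_history: assumed tuning
        self.behavior, self.k, self.min_history = behavior, k, min_history
        self.stats = defaultdict(lambda: [0, 0.0, 0.0])  # host -> n, mean, M2 (Welford)

    def characterize(self, host, count):
        n, mean, m2 = self.stats[host]
        abnormal = False
        if n >= self.min_history:  # judge only once a baseline exists
            std = math.sqrt(m2 / (n - 1))
            abnormal = count > mean + self.k * max(std, 1.0)
        if not abnormal:  # abnormal windows must not shift the baseline
            n += 1
            delta = count - mean
            mean += delta / n
            m2 += delta * (count - mean)
            self.stats[host] = [n, mean, m2]
        return abnormal

class HypothesisNode:
    """Concludes 'malicious' when enough distinct behaviors are abnormal together."""
    def __init__(self, threshold=2):
        self.threshold = threshold

    def conclude(self, flags):
        return sum(flags.values()) >= self.threshold

def analyze(windows):
    """windows: list of (host, {behavior: count}), one per time window."""
    nodes, hypothesis, alerts = {}, HypothesisNode(), []
    for i, (host, counts) in enumerate(windows):
        flags = {b: nodes.setdefault(b, KnowledgeNode(b)).characterize(host, c)
                 for b, c in counts.items()}
        if hypothesis.conclude(flags):
            alerts.append((i, host, sorted(b for b, f in flags.items() if f)))
    return alerts

# Constructed sample: six quiet windows, one SMTP-only spike, then a double spike.
SAMPLE = [("10.0.0.5", {"smtp_failed": c, "conn_failed": d})
          for c, d in [(1, 2), (0, 3), (2, 2), (1, 1), (0, 2), (1, 3), (40, 2), (35, 60)]]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The single SMTP spike in window 6 is characterized as abnormal but raises no alert on its own; only window 7, where both behaviors deviate from the host's history, satisfies the hypothesis.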