With the increasing trend of business services and applications leveraging encryption as the leading method of securing data in transit, malicious actors have once again adapted by developing more sophisticated attacks that employ the same technology. By using encryption to mask activities, bad actors can evade detection at organizations that lack the ability to inspect encrypted traffic. One obvious way to mitigate this problem is to analyze encrypted traffic, which is a solution that comes with a price, including the expense of additional manpower, the reallocation of crucial network resources and the time required to investigate alarms.
To tackle this problem head on, the team at Barac (www.barac.io) developed Barac EVT (Encrypted Traffic Visibility). EVT is the next generation of encrypted threat detection. When connected to a standard network tap, it collects and analyzes data travelling through the network, providing real time detection of threats and attacks hidden within encrypted traffic. Analysis is conducted without decrypting source data and is achieved by using network TCP/IP and SSL metadata combined with machine learning and behavioral analytics. This approach allows EVT to detect known attack signatures and anomalous behavior, ultimately delivering a lightweight, accurate solution that increases an organization’s visibility while maintaining security and privacy. EVT successfully stops a variety of attacks including DDoS, XSS/SQL injection, man-in-the-middle, crypto-hacking, phishing, ransomware and data exfiltration.
Barac EVT is available as SaaS or on-premise offerings, is system agnostic, and can be installed and configured in as little as one day. Because of the vast volumes of data EVT processes, EVT requires a minimum of five virtual machines with 32GB of RAM and 16 cores to support the service. The VMs collect network traffic and send it to Barac’s main SaaS platform, where it is monitored for 150 known variations. The resident API allows organizations to complement SOC operations by sharing events, alerts, and other detailed information with a SIEM or console. EVT integrates with IBM Q-Radar, Splunk, LogRhythm, ArcSight, SolarWinds and other SIEM solutions.
What makes EVT unique is that it collects only the most significant data through its proprietary 1MB sensors, giving it a small footprint, which ultimately reduces bandwidth usage when compared to other encryption scanning technologies. The patent pending AI in EVT applies a combination of non-supervised and supervised learning to accurately detect 99.997 percent of all attacks and reduce false positives to 0.0006 percent. It also assists with compliance by validating encryption quality while providing visibility across the entire network infrastructure. EVT is PCI and GDPR compliant and is FIPS Level 3 validated.
The tools in EVT’s dashboard reduce the time required to identify and investigate infrastructure gaps and provides graph analytics that visualize the entire network. This approach helps analysts differentiate between normal and anomalous events by providing the hostnames and IPs of attackers. It also allows them to drill down into the details of questionable traffic. Attack details are summarized in an interactive attack map that correlates data threats by time, type, protocol, hostname, port, country of origin and other pertinent information to aid in forensic investigation.
Barac EVT is subscription based, offering one-, two- and three-year plans, priced per-end point per year. 24/7 support is included with the subscription.
– Matthew McMurray
AT A GLANCE
Product: Barac ETV (Encrypted Traffic Visibility)
Price: Subscription based on one-, two- or three-year plans, per-end point per year, price dependent on the total number of endpoints.
What it does: Detects the difference between authentic and potentially malicious encrypted traffic without the need to decrypt using a combination of data, metadata, and advanced A.I. in real time.
What we liked: Provides accurate detection with a significant reduction in false positives, is easy to implement and manage, and maintains a small footprint.
The Bottom Line: Mitigates the increasing risk of complex cyber-
attacks and malware hidden within encrypted traffic.