With the increasing trend of business services and applications leveraging encryption as the leading method of securing data in transit, malicious actors have once again adapted by developing more sophisticated attacks that employ the same technology. By using encryption to mask activities, bad actors can evade detection at organizations that lack the ability to inspect encrypted traffic. One obvious way to mitigate this problem is to analyze encrypted traffic, which is a solution that comes with a price, including the expense of additional manpower, the reallocation of crucial network resources and the time required to investigate alarms.
To tackle this problem head-on, the team at Barac (www.barac.io) developed Barac EVT (Encrypted Traffic Visibility). EVT is the next generation of encrypted threat detection. When connected to a standard network tap, it collects and analyzes data travelling through the network, providing real-time detection of threats and attacks hidden within encrypted traffic. Analysis is conducted without decrypting source data and is achieved by using network TCP/IP and SSL metadata combined with machine learning and behavioral analytics. This approach allows EVT to detect known attack signatures and anomalous behavior, ultimately delivering a lightweight, accurate solution that increases an organization’s visibility while maintaining security and privacy. EVT successfully stops a variety of attacks including DDoS, XSS/SQL injection, man-in-the-middle, crypto-hacking, phishing, ransomware and data exfiltration.
Barac EVT is available as a SaaS or on-premises offering, is system agnostic, and can be installed and configured in as little as one day. Because of the vast volumes of data EVT processes, EVT requires a minimum of five virtual machines with 32GB of RAM and 16 cores to support the service. The VMs collect network traffic and send it to Barac’s main SaaS platform, where it is monitored for 150 known variations. The resident API allows organizations to complement SOC operations by sharing events, alerts, and other detailed information with a SIEM or console. EVT integrates with IBM QRadar, Splunk, LogRhythm, ArcSight, SolarWinds and other SIEM solutions.