Agent enables Network Detection and Response (NDR) capabilities for AWS cloud environments. NDR alerts and metadata represent the ground truth of network activity and allow detection of highly sophisticated cyber threats. By strategically deploying Agents in AWS environments, organizations can perform in-depth traffic analysis of their network segments and valuable assets.
Agent is built on the industry-leading network traffic inspection technologies Zeek (formerly Bro) and Suricata. Zeek delivers network metadata, such as comprehensive connection telemetry, application-layer transcripts and artifacts, going far beyond NetFlow and other types of flow data. Suricata complements Zeek with rule-based network intrusion alerts based on the top IDS signature dataset. Agent uses AWS VPC Traffic Mirroring to listen to traffic passively, without interfering with the network.
Unlike most third-party NDR solutions, Agent can act autonomously and is designed for integration with existing SIEM/SOAR cyber monitoring solutions (e.g. Splunk, Elastic). As a result, Agent fits seamlessly into an existing SecOps process and toolset without relying on external systems or transferring analytic data out of the network.