Solera Networks Adds Network Traffic Classification, Granular Application Awareness: Page 2 of 3

Full network analysis and visibility has become increasingly important in the face of what Solera characterizes as next-generation threats, such as Stuxnet, advanced persistent threats (APTs), bots, sophisticated malware and massive insider incidents, such as WikiLeaks.

"Advanced persistent threats is the whole reason to be for network forensics," says Pete Schlampp, Solera VP of marketing and product management. "Once they get on your network, they have multistage and multivector capabilities and can morph identity." Network forensics allow organizations to analyze the changes over time, identify the root causes and remediate.

The new DPI capabilities enable Solera to identify 500 applications, which it organizes into 28 families. Solera says that it extracts some 5,000 descriptive details to support its analysis and reporting. The 5.0 engine automatically generates high levels of detail about applications. For example, previously you had to deconstruct an e-mail message to obtain the address and other information. Now, you can automatically extract information such as sender, recipient, subject line and attachments from Gmail.

The geolocation feature creates visual maps of traffic between IP addresses, enabling operators and analysts to quickly begin to identify and address issues.

"The geolocation piece has increased productivity insanely," says the defense contractor security administrator. "Before, I had to load another tool to trace where the IP was. Now it's all integrated in one." Data can be exported in a file to Google Earth.