Deploying security-analytics-as-a-service to dissect network attacks

Packetloop is a new cloud-based service that lets users drill down into network attacks based on uploaded packet captures

Sydney-based start-up Packetloop has gone live with its security-analytics-as-a-service offering. The service came out of private beta earlier this month.

The service, which leverages Amazon Web Services' cloud, lets users upload full network packet captures, which are then analysed by Packetloop to produce a record of attacks against an organisation's network, complete with visualisations.

"First and foremost it's about analytics," Packetloop CEO and co-founder Scott Crane says. "Getting analytics into the hands of the average security user."

The service encourages users to maintain full records of network traffic, allowing them to trawl through past data when threat profiles are updated to discover zero day attacks, and letting users track APTs from their inception.

Network packets can be captured through switch port mirroring. After the data is processed on-premise by tools such as Wireshark or Pcapper, packet capture files can be uploaded to Packetloop.

Ease of use and the speed with which Packetloop can be employed by organisations are selling points for Crane.

"It's a lot less integration than a SIEM [Security Information and Event Management], from the point of view of having to bring in agents and collectors then set up all these parsers that interpret the log and write it into the SIEM's format," Crane says.

"I think our biggest push, and one of the reasons we're in Amazon, is accessibility," he adds. "So if you look at our biggest competitors in this space, they're all appliance driven and they're expensive, on-premise solutions.

"If you want to go out and use one of our competitors tomorrow it's difficult. If you want to use us tomorrow, you run the packet capture, upload the packet capture, we process it and you see it. So we're down to a matter of hours after."

Crane says that because the Packetloop service is based on packet capture data, there's no information lost in processing. "It's not a log and then the correlation of the log with another log, then presented via some engine. You're looking at the raw data. And if I want to go back and revisit the data, I can do that."

After processing, data is presented in a Google Analytics-style Web interface. Users can narrow scope down to a particular timeframe (including drilling down to a visual minute-by-minute breakdown). Pivot tables let users view attacks by origin, type and target, as well as time.
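As an added illustration of what analytics over full packet captures look like (this is not Packetloop's code, and nothing on the page describes its internals), the following Python builds a small constructed pcap file in memory, parses the classic pcap container and the Ethernet/IPv4/TCP headers directly, and pivots TCP connection attempts by origin, target and minute, the same three cuts the article describes. The IP addresses, ports and timestamps are constructed sample values, and the SYN-without-ACK rule used to count a "connection attempt" is a simple assumption chosen for the example.

```python
import struct
from collections import Counter, defaultdict
from datetime import datetime, timezone

PCAP_MAGIC = 0xA1B2C3D4        # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def build_packet(src_ip, dst_ip, src_port, dst_port, flags=0x02):
    """Constructed Ethernet/IPv4/TCP frame (no payload, checksums zeroed) for sample data."""
    eth = b"\x00" * 6 + b"\x00" * 6 + b"\x08\x00"            # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                      5 << 4, flags, 8192, 0, 0)              # 20-byte TCP header
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))      # 20-byte IPv4 header, proto 6
    return eth + ip + tcp


def build_pcap(records):
    """records: iterable of (unix_seconds, frame_bytes). Returns the bytes of a pcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in records:
        out += struct.pack("<IIII", int(ts), 0, len(frame), len(frame)) + frame
    return out


def iter_pcap(data):
    """Yield (timestamp, frame) for each record; stops cleanly on a truncated capture."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled in this example")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            break                                             # capture cut off mid-record
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def parse_tcp(frame):
    """Return (src_ip, dst_ip, src_port, dst_port, flags) or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6:
        return None
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    tcp = frame[14 + ihl:]
    if len(tcp) < 14:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    return src, dst, sport, dport, tcp[13]


def pivot(data):
    """Count TCP SYNs (without ACK) by origin, by (target, port) and by UTC minute."""
    by_origin, by_target, by_minute = Counter(), Counter(), Counter()
    ports_by_origin = defaultdict(set)
    for ts, frame in iter_pcap(data):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, _sport, dport, flags = parsed
        if flags & 0x02 and not flags & 0x10:               # SYN set, ACK clear
            by_origin[src] += 1
            by_target[(dst, dport)] += 1
            ports_by_origin[src].add(dport)
            minute = datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M")
            by_minute[minute] += 1
    return by_origin, by_target, by_minute, ports_by_origin


def likely_scanners(ports_by_origin, threshold=3):
    """Origins that touched at least `threshold` distinct ports (assumed heuristic)."""
    return sorted(o for o, ports in ports_by_origin.items() if len(ports) >= threshold)


# Constructed sample capture: a four-port probe, one normal connection and its SYN-ACK reply.
BASE = 1356998400                                             # 2013-01-01 00:00:00 UTC
SAMPLE_PCAP = build_pcap([
    (BASE + 0, build_packet("203.0.113.5", "192.0.2.10", 40001, 22)),
    (BASE + 1, build_packet("203.0.113.5", "192.0.2.10", 40002, 80)),
    (BASE + 2, build_packet("203.0.113.5", "192.0.2.10", 40003, 443)),
    (BASE + 3, build_packet("203.0.113.5", "192.0.2.10", 40004, 3389)),
    (BASE + 70, build_packet("198.51.100.7", "192.0.2.10", 51000, 443)),
    (BASE + 71, build_packet("192.0.2.10", "198.51.100.7", 443, 51000, flags=0x12)),
])

if __name__ == "__main__":
    origin, target, minute, ports = pivot(SAMPLE_PCAP)
    print("by origin:", dict(origin))
    print("by target:", dict(target))
    print("by minute:", dict(minute))
    print("likely scanners:", likely_scanners(ports))
```

Because the raw frames are retained rather than a log line derived from them, the same capture can be re-run with a different rule later (a new port of interest, a different threshold) without losing anything, which is the point Crane makes below about revisiting raw data.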

Attack statistics can also be compared against global averages.

Some 250 users participated in the Packetloop beta, ranging from "huge security companies" to security consultancies, government and academics, Crane says.

Although Packetloop is offered as an internet-delivered service, the company is also investigating the potential to offer an appliance-based option for customers.

Packetloop charges US$4.99 per gigabyte per month for uploads up to one terabyte, and US$2.99 per GB per month for uploads up to 10TB.

Rohan Pearce is the editor of Techworld Australia and Computerworld Australia. Contact him at rohan_pearce at idg.com.au.

Follow Rohan on Twitter: @rohan_p

Tags: security, cloud computing
