Deploying security-analytics-as-a-service to dissect network attacks

Packetloop is a new cloud-based service that lets users drill down into network attacks based on uploaded packet captures

Sydney-based start-up Packetloop has gone live with its security-analytics-as-a-service offering. The service came out of private beta earlier this month.

The service, which leverages Amazon Web Services' cloud, lets users upload full network packet captures, which are then analysed by Packetloop to produce a record of attacks against an organisation's network, complete with visualisations.

"First and foremost it's about analytics," Packetloop CEO and co-founder Scott Crane says. "Getting analytics into the hands of the average security user."

The service encourages users to maintain full records of network traffic, allowing them to trawl through past data when threat profiles are updated to discover zero-day attacks, and letting users track APTs from their inception.

Network packets can be captured through switch port mirroring. After the data is processed on-premise by tools such as Wireshark or Pcapper, packet capture files can be uploaded to Packetloop.

Ease of use and the speed with which Packetloop can be employed by organisations are selling points for Crane.

"It's a lot less integration than a SIEM [Security Information and Event Management], from the point of view of having to bring in agents and collectors then set up all these parsers that interpret the log and write it into the SIEM's format," Crane says.

"I think our biggest push, and one of the reasons we're in Amazon, is accessibility," he adds. "So if you look at our biggest competitors in this space, they're all appliance driven and they're expensive, on-premise solutions.

"If you want to go out and use one of our competitors tomorrow it's difficult. If you want to use us tomorrow, you run the packet capture, upload the packet capture, we process it and you see it. So we're down to a matter of hours after."

Crane says that because the Packetloop service is based on packet capture data, there's no information lost in processing. "It's not a log and then the correlation of the log with another log, then presented via some engine. You're looking at the raw data. And if I want to go back and revisit the data, I can do that."

After processing, data is presented in a Google Analytics-style Web interface. Users can narrow scope down to a particular timeframe (including drilling down to a visual minute-by-minute breakdown). Pivot tables let users view attacks by origin, type and target, as well as time.

Attack statistics can also be compared against global averages.

Some 250 users participated in the Packetloop beta, ranging from "huge security companies" to security consultancies, government and academics, Crane said.

Although Packetloop is offered as an internet-delivered service, the company is also investigating the potential to offer an appliance-based option for customers.

Packetloop charges US$4.99 per gigabyte per month for uploads up to one terabyte, and US$2.99 per GB per month for uploads up to 10TB.

Rohan Pearce is the editor of Techworld Australia and Computerworld Australia. Contact him at rohan_pearce at idg.com.au.

Follow Rohan on Twitter: @rohan_p
