Aussie startup Packetloop turns big data APT forensics into Arbor Networks success

Scott Crane, co-founder and CEO of Packetloop

Sydney startup Packetloop is looking forward to rapid expansion of its five-person business after its big data security technology was snapped up by security giant Arbor Networks, which will integrate Packetloop’s novel analysis tools into its NetFlow security platform.

The company – which was founded less than three years ago as a way of improving forensic analysis of network security compromises – produces a big-data tool that intercepts, displays and archives all network traffic passing through network taps.

A detailed analysis toolkit lets investigators rewind and fast-forward through the network traffic stream, pick out particular types of traffic and follow them during a particular time period. Historical data can be re-scanned against an ever-growing cloud database of threats, allowing the detection of past infections by attacks that have only been discovered subsequently.

The technique – which co-founder and CEO Scott Crane likens to re-testing athletes’ years-old drug-test samples against modern detection tools – is invaluable for picking out the subtle traces of advanced persistent threats (APTs), which often fly under the radar by keeping network activity to an absolute minimum. And, by using raw data instead of relying on server logs, the system can pick up activity that may normally be ignored by traditional log-based security environments.
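As an added illustration of the re-scanning idea described above (not Packetloop's or Arbor's code), this Python example replays archived flow records against a threat database whose indicators carry a discovery date, and separates hits a live sensor could have raised from those only a retrospective scan can surface. All addresses, timestamps and indicators are constructed sample data.

```python
"""Retrospective rescan of archived network records against a threat
database that grew after the traffic was captured (added example)."""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class FlowRecord:
    ts: datetime      # when the tap saw the connection
    src: str          # internal host
    dst: str          # destination address
    dport: int


@dataclass(frozen=True)
class Indicator:
    value: str            # hostile destination address (constructed)
    discovered: datetime  # when the threat database learned of it


# Constructed archive: what the taps recorded in early May 2013.
ARCHIVE = [
    FlowRecord(datetime(2013, 5, 2, 9, 15), "10.1.4.22", "203.0.113.9", 443),
    FlowRecord(datetime(2013, 5, 2, 9, 16), "10.1.4.22", "198.51.100.7", 80),
    FlowRecord(datetime(2013, 5, 3, 11, 2), "10.1.7.5", "203.0.113.9", 443),
    FlowRecord(datetime(2013, 5, 4, 8, 40), "10.1.7.5", "192.0.2.44", 8080),
]

# Constructed threat database: one indicator already known at capture
# time, one learned only weeks after the traffic was archived.
THREAT_DB = [
    Indicator("198.51.100.7", datetime(2013, 4, 20)),
    Indicator("203.0.113.9", datetime(2013, 6, 15)),
]


def rescan(archive, threat_db):
    """Return (flow, indicator, missed_live) for every archived flow whose
    destination is now in the threat database. missed_live is True when the
    indicator was unknown at capture time, so a live sensor could not alert."""
    by_value = {i.value: i for i in threat_db}
    hits = []
    for flow in archive:
        ind = by_value.get(flow.dst)
        if ind is not None:
            hits.append((flow, ind, flow.ts < ind.discovered))
    return hits


def retrospective_only(archive, threat_db):
    """Hits that only a rescan of the archive could have produced."""
    return [h for h in rescan(archive, threat_db) if h[2]]
```

Hosts appearing as `src` in the retrospective-only hits are the ones a log-only, real-time approach would have missed and that now warrant forensic follow-up.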

It won’t necessarily stop an APT in mid-flight, but the company’s technology is proving to be a favourite with forensic analysts who are “time poor and under heaps of pressure to get results,” Crane told CSO Australia.

“Because we deal with taps we can take it anywhere on the network, and we’re not reliant on logs or parsers. We wanted to deliver a tool that would be high yield, and we’re very strong on the visualisation aspect so they can zoom in and out, and understand what the data is telling them. The moment we ingest that packet, and capture that data, we’re processing it and analysing it onscreen for the analyst.”

Such capabilities bring new visibility to the process of security discovery, which has become an increasingly important function in security-conscious businesses and security response teams that have “whole departments dedicated to trolling through data looking for things they’ve missed”, Crane said.

The process comes at a resource cost, Crane conceded: a “really big organisation” might generate 1 to 2 terabytes of network data in a day, or around 700TB of data per year.

Packetloop has addressed this issue by building its archival capabilities in the Amazon Web Services cloud, allowing for scalability and instant access on a per-gigabyte, per-month basis. It’s also planning to bundle the capabilities into a standalone appliance with a substantial disk capacity for data storage.

Packetloop’s technology will be integrated with the Arbor Networks product family in coming months, with Packetloop retaining its Sydney operations and expecting to hire “a dozen or so” new staff to ramp up its capabilities.

“It’s a huge thing for security in Australia, and startups in Australia,” Crane said, noting that in Arbor “we’ve met a team of people that’s culturally almost identical to where we are today, just bigger. They’re passionate, focused, committed professionals that have fun getting the job done.”
