SS8 makes enterprise version of traffic-analysis platform designed for intelligence agencies

SS8 built its network traffic-inspection and analysis platform as a tool for intelligence agencies to discover communications among criminals and terrorists but now has scaled it back for enterprises to stop data breaches.

Called BreachDetect, the business-sized software gathers highly detailed network traffic data, discovers application flows and the activity of individual machines, and analyzes them to find anomalies that indicate foul play.

The platform also stores the information it collects so it can be analyzed over and over as new threat indicators are identified. That way corporate security pros can discover threats that may have been lurking undetected for months and figure out when and how they got there, SS8 says.

Similar approaches, with variations, are used by TaaSERA, Cybereason, Damballa, LightCyber and Vectra as well as vendors with broader portfolios such as Carbon Black, Black Ensilo, FireEye, Guidance, Promisec, Resolution1 Security, and Tanium. The basic thrust is to find suspicious behaviors quickly so they can be blocked.

The product SS8 sells to intelligence and law enforcement agencies can process terabits per second, but BreachDetect is pared down to operate at gigabits per second. It also has streamlined workflows built in to make using the analytics more straightforward for less sophisticated users.

Its near-real-time analysis can correlate suspicious activity on the fly to halt data breaches as they unfold, at any stage from reconnaissance to attempted exfiltration.

Customers can store the gathered data indefinitely, giving them a historical record of activity that BreachDetect's Learning Analytic Engine can comb through again and again as it learns more about actual threats. SS8 calls this capability a time machine for breach detection.
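The re-analysis of stored traffic described here, and in the earlier paragraph on re-examining data as new threat indicators are identified, can be illustrated with a small retro-hunt over archived flow records. This is an added example, not SS8's code; the record fields, sample flows, indicator values and the name `retro_hunt` are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Flow:
    ts: datetime     # when the egress sensor observed the flow
    src: str         # internal host
    dst: str         # external destination (domain or IP)
    app: str         # classified application protocol
    bytes_out: int   # bytes sent from the internal host

# Constructed sample archive; hosts and destinations are documentation values.
ARCHIVE = [
    Flow(datetime(2015, 1, 12, 9, 30), "10.0.0.21", "updates.example.net", "http", 4_200),
    Flow(datetime(2015, 1, 12, 9, 31), "10.0.0.34", "www.example.org", "http", 900),
    Flow(datetime(2015, 2, 3, 2, 15), "10.0.0.21", "updates.example.net", "http", 88_000),
    Flow(datetime(2015, 3, 20, 23, 5), "10.0.0.57", "198.51.100.7", "tls", 1_500_000),
    Flow(datetime(2015, 4, 1, 3, 45), "10.0.0.21", "198.51.100.7", "tls", 2_300_000),
]

# Constructed indicators that only became known on LEARNED_AT.
INDICATORS = {"updates.example.net", "198.51.100.7"}
LEARNED_AT = datetime(2015, 4, 15)

def retro_hunt(archive, indicators, learned_at):
    """Re-scan stored flows for destinations flagged only at learned_at."""
    findings = {}
    for f in sorted(archive, key=lambda f: f.ts):
        if f.dst not in indicators:
            continue
        h = findings.setdefault(f.src, {
            "first_seen": f.ts, "flows": 0, "bytes_out": 0, "dests": set(),
        })
        h["last_seen"] = f.ts
        h["flows"] += 1
        h["bytes_out"] += f.bytes_out
        h["dests"].add(f.dst)
    for h in findings.values():
        # How long the activity predates the indicator becoming known.
        h["undetected_days"] = (learned_at - h["first_seen"]).days
    return findings

if __name__ == "__main__":
    for host, h in retro_hunt(ARCHIVE, INDICATORS, LEARNED_AT).items():
        print(host, h["first_seen"], h["flows"], h["bytes_out"], h["undetected_days"])
```

The per-host `first_seen` timestamp is what answers "when did it get there"; the same archive can be re-scanned each time the indicator set grows.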

The sensors are deployed at exit points from the customer network to the Internet, where they classify traffic by protocol and then work their way down to inspecting flow content.

SS8 charges customers based on two factors: the average monthly rate at which it analyzes data and how long the data is stored. An average rate of 100Mbps costs $1,200 per month. That amount of data is stored for $400 per month. BreachDetect is sold either as an on-premises platform or a cloud service.

Stories by Tim Greene

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place