Deploying security-analytics-as-a-service to dissect network attacks

Packetloop is a new cloud-based service that lets users drill down into network attacks based on uploaded packet captures

Sydney-based start-up Packetloop has gone live with its security-analytics-as-a-service offering. The service came out of private beta earlier this month.

The service, which leverages Amazon Web Services' cloud, lets users upload full network packet captures, which are then analysed by Packetloop to produce a record of attacks against an organisation's network, complete with visualisations.

"First and foremost it's about analytics," Packetloop CEO and co-founder Scott Crane says. "Getting analytics into the hands of the average security user."

The service encourages users to maintain full records of network traffic, allowing them to trawl through past data when threat profiles are updated to discover zero-day attacks, and letting users track APTs from their inception.

Network packets can be captured through switch port mirroring. After the data is processed on-premise by tools such as Wireshark or Pcapper, packet capture files can be uploaded to Packetloop.

Ease of use and the speed with which Packetloop can be employed by organisations are selling points for Crane.

"It's a lot less integration than a SIEM [Security Information and Event Management], from the point of view of having to bring in agents and collectors then set up all these parsers that interpret the log and write it into the SIEM's format," Crane says.

"I think our biggest push, and one of the reasons we're in Amazon, is accessibility," he adds. "So if you look at our biggest competitors in this space, they're all appliance driven and they're expensive, on-premise solutions.

"If you want to go out and use one of our competitors tomorrow it's difficult. If you want to use us tomorrow, you run the packet capture, upload the packet capture, we process it and you see it. So we're down to a matter of hours after."

Crane says that because the Packetloop service is based on packet capture data, there's no information lost in processing. "It's not a log and then the correlation of the log with another log, then presented via some engine. You're looking at the raw data. And if I want to go back and revisit the data, I can do that."

After processing, data is presented in a Google Analytics-style Web interface. Users can narrow scope down to a particular timeframe (including drilling down to a visual minute-by-minute breakdown). Pivot tables let users view attacks by origin, type and target, as well as time.

Attack statistics can also be compared against global averages.

Some 250 users participated in the Packetloop beta, ranging from "huge security companies" to security consultancies, government and academics, Crane said.

Although Packetloop is offered as an internet-delivered service, the company is also investigating the potential to offer an appliance-based option for customers.

Packetloop charges US$4.99 per gigabyte per month for uploads up to one terabyte, and US$2.99 per GB per month for uploads up to 10TB.

Rohan Pearce is the editor of Techworld Australia and Computerworld Australia. Contact him at rohan_pearce at

Follow Rohan on Twitter: @rohan_p
