The Telesoft CERNE combines a high rate 40Gbps IDS engine with automated record of relevant network traffic for real-time and historical threat investigation and digital forensics.
CERNE continuously scans and captures network packets and only stores traffic associated with an IDS alert, discarding all other traffic, giving an analyst rapid access to critical packets up to 2.4 seconds before an event. Capture can be configured for a single IP address, port, protocol or combination providing flexible visibility and context around a potential breach.
Automated collection of only relevant traffic by session minimises unnecessary storage, reduces costs and ensures rapid near real-time retrieval.
Take a guided tour around the CERNE 40Gbps IDS & Event Driven Record Platform GUI
Using widely supported Suricata, the CERNE scans for threat signatures specified in user definable rules that include an optional property to extract, record and deliver to your SIEM the session content from before and after the alert. Session extraction and recording can also be controlled from threat intelligence logic from within the SIEM, enabling even greater control and intelligence over storage management.