100G Intrusion Detection

 

100GBPS CERNE: INTRUSION DETECTION

100GBPS IDS ENGINE AND ALERT DRIVEN PACKET RECORDER THAT ENABLES 24/7 REAL-TIME NETWORK THREAT MONITORING AND ACCESS CONTROL FOR INTRUSION DETECTION AND PREVENTION

As the global datasphere grows, a trend set to accelerate with advances in IoT and 5G technology, the cyber threat landscape will continue to grow with it. Our intrusion detection system, the CERNE, helps protect, secure and guard our customers from attack. The CERNE provides real-time monitoring and historical intrusion detection capabilities, helping security analysts detect intrusions, identify suspicious activity and monitor network security by storing IDS alert traffic while reducing unnecessary storage.

The Telesoft CERNE combines a high-rate 100Gbps IDS engine with an automated record of relevant network traffic for real-time and historical threat investigation and digital forensics.
CERNE continuously scans and captures network packets and stores only traffic associated with an IDS alert, discarding all other traffic, giving an analyst rapid access to critical packets up to 2.4 seconds before an event. Capture can be configured for a single IP address, port, protocol or combination, providing flexible visibility and context around a potential breach.

Automated collection of only relevant traffic by session minimises unnecessary storage, reduces costs and ensures rapid near real-time retrieval.


Benefits

  • Network Intrusion Detection (IDS)

  • SURICATA, SNORT & Syslog Compatible

  • Real-time Monitoring

  • Threat Detection & Management

  • Enables Full Flow/Session Analytics for Detected Threats

  • Advanced Event Correlation

  • Remote Sensor Management

Using the widely supported Suricata engine, the CERNE scans for threat signatures specified in user-definable rules. These rules can include an optional property to extract, record and deliver to your SIEM the session content from before and after the alert. Session extraction and recording can also be controlled by threat intelligence logic within the SIEM, enabling even greater control and intelligence over storage management.
