Cybersecurity Technologies

Network Security

BigPROBE

The Secure&View© service can be complemented with advanced monitoring of security threats through our BigPROBE probe, developed by Secure&IT engineers. BigPROBE is based on open source and adapts to the advanced threat monitoring and analysis systems of our BigSIEM solution, where four major systems are merged: BigDATA, Threat Analyzer, Dynamic Malware Analyzer and Intelligence Engine.

BigPROBE is a fundamental element in the protection of a network infrastructure as it is capable of detecting all types of attacks, both vertical and horizontal:

  • Connections with known attackers
  • Spam traffic
  • Scans
  • Spiders
  • Malware distribution attempts
  • Ransomware
  • TOR Network Connections
  • Proxy connections
  • Connections to sites of low reputation
  • Connections to new or low reputation domains
  • Illegal DNS requests
  • Massive explorations
  • Anonymous attackers
  • Attacks on services
  • Malware

BigPROBE only requires visibility of traffic, usually provided through a mirror port on the network equipment (users, servers, or both). It is installed behind existing defenses and is available in hardware and virtual versions.

The probe works by comparing the analyzed traffic with more than a hundred sources of information (intelligence feeds) that Secure&IT manages and uploads to the probe on a daily basis (from sources such as Badips, AlienVault, VirusTotal, SORBS, SpiderLabs, Snort, Suricata, etc., to specific signatures provided to Secure&IT by INCIBE, CCN-CERT or other CERTs).

As for the response, BigSIEM takes care of analyzing the information provided by the probe, together with the information provided by the firewalls. Thus, we can determine whether it is really an attack or a false positive. If the attack is confirmed, and if a rule in the firewall can neutralize it, BigSIEM will carry out the process automatically. However, to apply this function, the firewall must be integrated with Secure&View.

BigPROBE – NDR

We also have the BigPROBE – NDR option, which includes all the functions of NTSA, but also has NDR technology. It is able to identify each element, function and behavior within the network and generate events when that behavior varies.

If you need more information about any of our services, please contact us.
