CySight Anomaly Detection

Uses machine learning and artificial intelligence to quickly detect distributed denial-of-service (DDoS) attacks, other cyberattacks, and anomalous behavior.

Complete retention in the smallest, fastest footprint enables full compliance analytics and speedy isolation, limiting further impact and risk to your network and connected assets.

CySight provides network and security teams with the fastest, most scalable, and most granular flow-analytics solution available globally, with superior and speedy contextual network traffic accounting, reporting, and alerting. Engineering excellence delivers unsurpassed collection, correlation, granular data retention, and diagnostics that automatically extract deep intelligence from huge volumes of flow data to quickly detect threats, network misuse, and malicious traffic, categorizing and qualifying the seriousness of each anomalous network traffic event.

“Statistics Source: Security Intelligence via IBM”

Using scalable collection of NetFlow, IPFIX, and sFlow to monitor pervasively, CySight’s unique granular forensics, anomaly detection, threat intelligence, performance, and visual analytics eliminate network blind spots to discover and thwart cyber-attacks, DDoS, ransomware, APT, and insider threats. Complete application performance, bandwidth, QoS, and traffic accounting analytics enable security and other network issues to be quickly identified, accelerating incident response and reducing enterprise risk in even the most challenging environments.

Each attack has its own signatures and generates specific traffic patterns. Network security analysts and performance engineers need full traffic visibility so they can analyze data from all perspectives, identify new kinds of attack signatures, and set up baselines on devices, interfaces, servers, or locations that alert when changes occur.

See for yourself why CySight scales well beyond any other NetFlow-based solution.

CySight’s flexibility and ability to scale in flow collection make it an ideal solution for various network usage auditing requirements. The CySight framework has Data Collection Tuning options that allow simultaneous collection of Real-Time and Long-Term data recording. Baseline and Alerting statistics are retained indefinitely for Repeat Offender detection. Short-Term retention keeps salient data at 1-minute increments for as long as needed. The Long-Term data recording mechanism can be configured to store data in increments of 5, 10, 15, 30, or 60 minutes, and Real-Time data is stored down to the minute for as long as disk space will allow. This enables CySight to be used for trending and baselining to find short-term attacks, longer slow denial-of-service attacks, and other stealthy attacks.

Anomaly Detection gets smarter the longer it runs and is further enhanced with CySight’s continually updated Threat Intelligence correlation engine.