About Intuitive Labs

Real Network Security is About Real-time Judgement

We build real-time network security. Traditional approaches based on application intelligence (Application Layer Gateways, Deep Packet Inspection) have a hard time identifying threats because of the spread of traffic encryption, growing application complexity and increasingly sophisticated attacks. We are developing security solutions that work in real time, do not require deep application awareness and stop illegitimate traffic quickly, before it reaches servers or end devices.

VoIP is a good example of how state-of-the-art network protection needs to advance. Security threats have grown in complexity: CAIDA reported the "Slash Zero" attack back in 2011, carried out from three million bots[1]. An attack of that size is very powerful and, because it is spread over so many sources, hard to detect. It is clearly not a situation that can be handled by manual intervention; rapid automated response is required. A vulnerable VoIP system can otherwise easily run up a six- to seven-figure bill over a weekend. DPI is difficult because of encryption and signaling complexity, and even specialised Session Border Controllers often lag behind the sophistication of attacks.

Our solution therefore attacks network security problems from a different angle. We collect logs, analyse them in real time and eliminate traffic from undesired sources. This approach is emerging under the name "Security Information and Event Management" (SIEM). We combine big data with intuition about which network traffic is inappropriate, and we manage network rules to remove that traffic using SDN mechanisms. All of this happens in real time, so the inappropriate traffic is blocked at network ingress before an attack can develop. The centralised nature of the collected intelligence makes it possible to keep pace with modern attacks scattered over many sources, destinations and applications. This is particularly important in cloud environments, where machines are ephemeral, launch and terminate quickly, and the network needs a consistent picture of security incidents.
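To make the log-to-rule loop described above concrete, here is a small worked example (added here; it is not Intuitive Labs' code and the log format, field names, thresholds and the `BlockRule` representation are all assumptions): SIP proxy log lines are parsed as they arrive, authentication and lookup failures are counted per source in a sliding time window, and a source crossing the threshold is turned into an abstract ingress drop rule of the kind an SDN controller would install. The sample log lines are constructed.

```python
"""Log-driven source blocking: parse SIP proxy log lines, count failures per
source in a sliding window, and emit ingress drop rules for abusive sources.

Added example, not Intuitive Labs' code. The log format below is assumed:
    "<unix_timestamp> <source_ip> <SIP method> <response code>"
"""
from collections import defaultdict, deque
from dataclasses import dataclass
import re

# Assumed log layout; a real deployment would parse its own proxy/SBC format.
LOG_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<src>[0-9a-fA-F:.]+) (?P<method>[A-Z]+) (?P<code>\d{3})$"
)
# Responses treated as "this source is guessing": auth failures and unknown users.
FAILURE_CODES = {401, 403, 404}


@dataclass(frozen=True)
class BlockRule:
    """Abstract rule handed to the SDN layer: drop everything from src at the edge."""
    src: str
    action: str = "drop"
    ingress: str = "edge"


class SlidingWindowDetector:
    def __init__(self, window_s=10.0, threshold=5, allowlist=frozenset()):
        self.window_s = window_s            # look-back window in seconds
        self.threshold = threshold          # failures inside the window that trigger a block
        self.allowlist = allowlist          # trunks/SBCs that must never be auto-blocked
        self.events = defaultdict(deque)    # src -> timestamps of recent failures
        self.blocked = {}                   # src -> BlockRule already issued

    def observe(self, line):
        """Feed one log line; return a BlockRule if this line tips a source over."""
        m = LOG_RE.match(line.strip())
        if not m:
            return None                     # malformed line: skip, never stall the pipeline
        ts, src, code = float(m["ts"]), m["src"], int(m["code"])
        if src in self.blocked or src in self.allowlist or code not in FAILURE_CODES:
            return None
        q = self.events[src]
        q.append(ts)
        while q and ts - q[0] > self.window_s:   # expire failures older than the window
            q.popleft()
        if len(q) >= self.threshold:
            rule = BlockRule(src=src)
            self.blocked[src] = rule
            return rule
        return None

    def run(self, lines):
        """Process a stream of lines in order; return the rules emitted, in order."""
        return [r for r in (self.observe(ln) for ln in lines) if r is not None]


# Constructed sample log (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    # legitimate phone: two failed attempts (mistyped password), then success
    "1700000000.0 198.51.100.20 REGISTER 401",
    "1700000001.0 198.51.100.20 REGISTER 401",
    "1700000002.0 198.51.100.20 REGISTER 200",
    # brute-force scanner: five failures within two seconds -> blocked on the fifth
    "1700000003.0 203.0.113.7 REGISTER 401",
    "1700000003.5 203.0.113.7 REGISTER 401",
    "1700000004.0 203.0.113.7 REGISTER 403",
    "1700000004.5 203.0.113.7 REGISTER 401",
    "1700000005.0 203.0.113.7 REGISTER 404",
    "1700000005.5 203.0.113.7 INVITE 403",     # already blocked, no second rule
    # slow probing: five failures spread over a minute stay below the window threshold
    "1700000010.0 192.0.2.9 OPTIONS 404",
    "1700000025.0 192.0.2.9 OPTIONS 404",
    "1700000040.0 192.0.2.9 OPTIONS 404",
    "1700000055.0 192.0.2.9 OPTIONS 404",
    "1700000070.0 192.0.2.9 OPTIONS 404",
    # truncated write in the log file must not abort processing
    "garbage",
]

if __name__ == "__main__":
    det = SlidingWindowDetector(window_s=10.0, threshold=5)
    for rule in det.run(SAMPLE_LOG):
        print(f"install {rule.action} rule at {rule.ingress} ingress for {rule.src}")
```

Two points a practitioner would check before wiring such a detector to real enforcement. First, the detector blocks whatever source the proxy logs; with SIP over UDP a sender can spoof its source address and have the resulting 401/404 responses logged against a victim, so automatic blocking needs an allowlist for trunks and peers (the `allowlist` parameter here) and ideally a transport, such as TCP or TLS, on which the logged source has actually completed a handshake. Second, the slow prober above is deliberately left through to show that a single window and threshold only catches one attack tempo; production rules normally combine several windows.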

Keywords:

  • Obsolete: #DeepPacketInspection #DPI #IntrusionDetectionSystem #IDS
  • New: #SecurityInformationEventManagement #SIEM #SecurityThatWorksInCloud #SoftwareDefinedNetworks #SDN