As operational technology becomes smarter, the need for network cross-over into the IT environment increases. With the added convenience this brings, comes increased exposure to critical assets. Cybersecurity threats have been observed originating from both sides of the IT/OT gateway. It has become necessary to follow these threats across the OT domain, into IT and out to the internet.
Other OT and ICS network monitoring tools discover assets and alert on anomalies on the OT side, but what happens when the threats cross over?
Dragonfly {Managed} Network Traffic Analyzer ({M}NTA) is an easy-to-deploy and fully managed Network Traffic Analysis Platform built to analyze IT, OT, and ICS networks. This comprehensive solution provides complete NTA capabilities without the labor and resources required to manage the application on your own. The Dragonfly {M}NTA service integrates with your current tech stack and can complement your existing MSP or MSSP services. Dragonfly {M}NTA detects threats in your environments, bringing new depths of visibility through multiple detection engines, including:
EPA (Encrypted Payload Analytics): A multi-class deep learning prediction model trained to detect patterns created by session payload packet size, direction, inter-arrival time and byte distribution.
DGA (Domain Generation Algorithm): An LSTM deep learning network trained to detect domains generated by algorithms designed to evade detection.
DPI (Deep Packet Inspection): A proprietary deep packet inspection engine equipped with 250+ protocol decoders with signature alerting capabilities.
SRA (Session Risk Analytics): A logic engine that uses rules to alert on per-session risk factors.
These engines provide analysts with the insight they need to protect your company from threats in any environment.
If your company is like most, your security team is already over-burdened with IT security incidents, which can make adding another monitoring tool painful, particularly if the team lacks OT/ICS experience.
Braintrace hears you and is here to help, managing Dragonfly {M}NTA for you from our 24/7 state-of-the-art Security Operations Centers (SOCs).
Dragonfly {M}NTA SOC teams triage and investigate alerts triggered by Dragonfly. These teams utilize Dragonfly’s advanced capabilities to analyze proactive threat hunting findings, event-triggered PCAP data, encrypted payload fingerprints, rule-based alerts, and anomalous behavior to validate real-time incidents. The Dragonfly {M}NTA service provides your team with the
COMPLETE VISIBILITY
Dragonfly {M}NTA is designed to view north-south and east-west traffic. It can detect more than 250 different network protocols and applications. This level of visibility allows Dragonfly {M}NTA to visualize the complete network environment, uncovering anomalies and malicious behavior.
Dragonfly identifies an unprecedented number of IOCs, anomalies, and malicious activities. Dragonfly analyzes network connections for bad-reputation IP addresses, malicious URLs, known-bad website certificates, malware downloads, Tor node traffic and user credentials being sent in cleartext. Braintrace provides protocol customizations based on the client’s needs. Dragonfly {M}NTA delivers a tailored solution experience without the heavy lifting required for implementation.

ENCRYPTED PAYLOAD ANALYTICS

Braintrace understands that security and privacy are paramount. Other NTA vendors require man-in-the-middle decryption for traffic analysis. Encrypted Payload Analytics (EPA) is able to detect threats inside encrypted traffic, without the need for decryption.
A common misconception about encrypted traffic is that it is completely unrecognizable. This couldn’t be further from the truth. In fact, as certain features inside the encrypted payload are observed, patterns start to emerge.
Utilizing the latest advancements in deep learning, and taking some cues from cancer research, BraintraceLABS has developed a patent-pending process for detecting patterns found in the size, direction, and arrival time of network packets.
EPA works like behavioral analysis of the client and server nodes in a network communication. EPA also works very well on cleartext traffic, adding another dimension of detection to the already rich protocol analysis.
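The features the EPA engine is described as modelling (packet size, direction, inter-arrival time and byte distribution, listed in the engine summary above and in this section) can be extracted from a session without decrypting anything. The following is an added illustration, not Braintrace's code or model: the Packet record, the sample sessions and the feature names are assumptions constructed for the example, and the output is the kind of vector a classifier would consume, not a verdict.

```python
import math
from collections import Counter
from dataclasses import dataclass
from typing import List

@dataclass
class Packet:
    ts: float        # capture timestamp in seconds
    src: str         # source IP address of the packet
    payload: bytes   # application-layer payload exactly as captured (still encrypted)

def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 8.0 for uniform bytes, 0.0 for one repeated value."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def session_features(packets: List[Packet], client: str) -> dict:
    """Feature vector for one session, built from metadata and byte statistics only."""
    packets = sorted(packets, key=lambda p: p.ts)
    sizes = [len(p.payload) for p in packets]
    directions = [1 if p.src == client else -1 for p in packets]   # +1 client->server, -1 server->client
    iats = [round(b.ts - a.ts, 6) for a, b in zip(packets, packets[1:])]  # inter-arrival times
    up = sum(s for s, d in zip(sizes, directions) if d == 1)
    return {
        "sizes": sizes,
        "directions": directions,
        "iats": iats,
        "bytes_up": up,
        "bytes_down": sum(sizes) - up,
        "payload_entropy": round(byte_entropy(b"".join(p.payload for p in packets)), 3),
    }

# Constructed sample sessions (not real captures). Both have the same sizes,
# directions and timing; only the byte distribution differs: the first carries
# uniformly distributed bytes as an encrypted record does, the second a single
# repeated byte per packet as padded cleartext or keep-alives might.
CLIENT, SERVER = "10.0.0.5", "203.0.113.10"
ENCRYPTED_SESSION = [
    Packet(0.000, CLIENT, bytes(range(200))),
    Packet(0.020, SERVER, bytes(range(256)) * 2),
    Packet(0.021, CLIENT, bytes(range(100))),
]
CLEARTEXT_SESSION = [
    Packet(0.000, CLIENT, b"A" * 200),
    Packet(0.020, SERVER, b"B" * 512),
    Packet(0.021, CLIENT, b"C" * 100),
]
```

Calling session_features on both sessions yields identical size, direction and timing features and a payload entropy near 8 bits for the encrypted session versus well under 2 for the repeated-byte one, which is why byte distribution is a useful fourth feature alongside the three timing and shape features.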
SUPPORTED PROTOCOLS
*IT PROTOCOLS
*OT/ICS PROTOCOLS
AFP | COLLECTD | FLORENSIA | HULU | LOTUS_NOTES | NOE | RADIUS | SOUNDCLOUD | UNKNOWN |
AIMINI | CORBA | FREE_183 | IAX | MAIL_IMAP | NTOP | RDP | SPOTIFY | UPNP |
AJP | CROSSFIRE | FREE_205 | ICECAST | MAIL_IMAPS | NTP | REDIS | SSDP | USENET |
AMAZON | CSGO | FREE_53 | IEC-60870-5-104 | MAIL_POP | OCS | REMOTE_SCAN | SSH | VEVO |
AMAZON_VIDEO | DATASAVER | FREE_69 | IEC-60870-6 | MAIL_POPS | OOKLA | RSYNC | STARCRAFT | VHUA |
AMQP | DCERPC | FREE_71 | IEC-61850 | MAIL_SMTP | OPC_AE | RTCP | STEALTHNET | VIBER |
ANYDESK | DEEZER | FREE90 | IFLIX | MAIL_SMTPS | OPC_DA | RTMP | STEAM | VMWARE |
APPLE | DHCP | FTP_CONTROL | IMO | MAPLESTORY | OPC_HAD | RTP | STUN | VNC |
APPLE_ICLOUD | DHCPV6 | FTP_DATA | MDNS | OPC_UA | RTSP | SYSLOG | WARCRAFT3 | |
APPLE_ITUNES | DIAMETER | GIT | IP_EGP | MEGACO | OPENDNS | RX | TARGUS_GETDATA | WAZE |
APPLE_PUSH | DIRECT_DOWNLOAD_LINK | GITHUB | IP_GRE | MEMCACHED | OPENFT | S7COMM | TEAMSPEAK | WEBEX |
APPLEJUICE | DIRECTCONNECT | GMAIL | IP_ICMP | MESSENGER | OPENVPN | SAP | TEAMVIEWER | WEBSOCKET |
APPLESTORE | DISCORD | GNUTELLA | IP_ICMPV6 | MGCP | ORACLE | SFLOW | TELEGRAM | |
ARMAGETRON | DNP3 | IP_IGMP | MICROSOFT | PANDORA | SHOUTCAST | TELNET | ||
ASDU_APCI | DNS | GOOGLE_DOCS | IP_IP_IN_IP | MICROSOFT_365 | PASTEBIN | SIGNAL | TEREDO | WHATSAPP_CALL |
AYIYA | DNSCRYPT | GOOGLE_DRIVE | IP_IPSEC | MINING | PLAYSTATION | SINA | TFTP | WHATSAPP_FILES |
BACNET | DOFUS | GOOGLE_MAPS | IP_OSPF | MODBUS RTU | PLAYSTORE | SIP | THUNDER | WHOIS_DAS |
BGP | DOH_DOT | GOOGLE_PLUS | IP_SCTP | MODBUS TCP | POSTGRES | SKINNY | TIKTOK | WIKIPEDIA |
BITTORRENT | DRDA | GOOGLE_SERVICES | IP_VRRP | MPEGTS | PPSTREAM | SKYPE | TINC | WINDOWS_UPDATE |
BJNP | DROPBOX | GTP | IPP | MQTT | PPTP | SKYPE_CALL | TLS | WIREGUARD |
BLOOMBERG | EAQ | GUILDWARS | ISO_TSAP | MS_ONE_DRIVE | PROFINET_CBA | SLACK | TOR | WORLD_OF_KUNG_FU |
CAPWAP | EBAY | H323 | IRC | MSSQL_TDS | PROFINET_DCP | SMBV1 | TRUPHONE | WORLDOFWARCRAFT |
CHECKMK | EDONKEY | HALFLIFE2 | KAKAOTALK | MSTEAMS | PROFINET_IO | SMBV23 | TUENTI | XBOX |
CIP/ENIP | ETHERCAT | HANGOUT_DUO | KAKAOTALK_VOICE | MYSQL | PROFINET_MRP | SMPP | TVUPLAYER | XDMCP |
CISCOVPN | HOTMAIL | KERBEROS | NATS | PROFINET_MRRT | SNAPCHAT | TWINCAT_IO-RAW | YAHOO | |
CITRIX | FASTTRACK | HOTSPOT_SHIELD | KONTIKI | NEST_LOG_SINK | PROFINET_PTCP | SNMP | TWINCAT_NV | YOUTUBE |
CLOUDFLARE | FBZERO | HTTP | LASTFM | NETBIOS | PROFINET_RT | SOAP | TWITCH | YOUTUBE_UPLOAD |
CNN | FIESTA | HTTP_ACTIVESYNC | LDAP | NETFLIX | PS_VUE | SOCKS | ZABBIX | |
COAP | FIX | HTTP_CONNECT | NETFLOW | SOMEIP | UBNTAC2 | ZATTOO | ||
HTTP_DOWNLOAD | LISP | NFS | QQLIVE | SOPCAST | UBUNTUONE | ZMQ | ||
HTTP_PROXY | LLMNR | NINTENDO | QUIC | SOULSEEK | UNENCRYPTED_JABBER | ZOOM |