As operational technology becomes smarter, the need for network crossover into the IT environment increases. With the added convenience this brings comes increased exposure of critical assets. Cybersecurity threats have been observed originating from both sides of the IT/OT gateway, so it has become necessary to follow these threats across the OT domain, into IT, and out to the internet.
Other OT and ICS network monitoring tools discover assets and alert on anomalies on the OT side, but what happens when the threats cross over?
Dragonfly {Managed} Network Traffic Analyzer ({M}NTA) is an easy-to-deploy and fully managed Network Traffic Analysis platform built to analyze IT, OT, and ICS networks. This comprehensive solution provides complete NTA capabilities without the labor and resources required to manage the application on your own. The Dragonfly {M}NTA service integrates with your current tech stack and can complement your existing MSP or MSSP services. Dragonfly {M}NTA detects threats in your environments, bringing new depths of visibility through multiple detection engines, including:

EPA (Encrypted Payload Analytics): A multi-class deep learning prediction model trained to detect patterns created by session payload packet size, direction, interarrival time, and byte distribution.

DGA (Domain Generation Algorithm): An LSTM deep learning network trained to detect domains generated by algorithms designed to evade detection.

DPI (Deep Packet Inspection): A proprietary deep packet inspection engine equipped with 250+ protocol decoders and signature alerting capabilities.

SRA (Session Risk Analytics): A logic engine that applies rules to alert on per-session risk factors.

These engines provide analysts with the insight they need to protect your company from threats in any environment.
If your company is like most, your security team is already over-burdened with IT security incidents, which can make adding another monitoring tool painful, particularly if the team lacks OT/ICS experience.
Braintrace hears you and is here to help, managing Dragonfly {M}NTA for you from our 24/7 state-of-the-art Security Operations Centers (SOCs).
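The DGA engine described above is an LSTM; the page does not show its features or weights. As an added illustration, not Braintrace's code, the following Python scores a domain's registrable label with hand-written lexical indicators (length, character entropy, digit and vowel ratios, consonant runs) that are the classic predecessors of the neural approach. The thresholds and the sample domains are constructed assumptions, and the one-label public-suffix handling is a simplification of what a deployment would do with the Public Suffix List.

```python
import math
from collections import Counter

VOWELS = set("aeiou")


def second_level_label(domain: str) -> str:
    """Return the label just left of the public suffix, e.g. 'google' for mail.google.com.

    Assumption: a one-label public suffix (com, net, org, ...). A deployment would
    consult the Public Suffix List so that 'example.co.uk' yields 'example'.
    """
    labels = domain.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def shannon_entropy(text: str) -> float:
    """Bits per character; random-looking strings score higher than real words."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def longest_consonant_run(text: str) -> int:
    """Pronounceable names rarely chain more than three consonants in a row."""
    best = run = 0
    for ch in text:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def dga_features(domain: str) -> dict:
    """Lexical features of the registrable label, the input a classifier would see."""
    label = second_level_label(domain)
    letters = [c for c in label if c.isalpha()]
    return {
        "label": label,
        "length": len(label),
        "entropy": shannon_entropy(label),
        "digit_ratio": sum(c.isdigit() for c in label) / max(len(label), 1),
        "vowel_ratio": sum(c in VOWELS for c in letters) / max(len(letters), 1),
        "consonant_run": longest_consonant_run(label),
    }


def dga_score(domain: str) -> int:
    """Count how many machine-generated indicators the label trips (0..5).

    The thresholds are illustrative assumptions, not tuned values.
    """
    f = dga_features(domain)
    return sum([
        f["length"] >= 12,
        f["entropy"] >= 3.5,
        f["digit_ratio"] >= 0.2,
        f["vowel_ratio"] <= 0.25,
        f["consonant_run"] >= 4,
    ])


def is_dga_like(domain: str, threshold: int = 3) -> bool:
    return dga_score(domain) >= threshold


if __name__ == "__main__":
    # Constructed sample domains: two legitimate names and two random-looking ones.
    for d in ["google.com", "microsoft.com", "xjkq3h8zqwlpvm.net", "kd93jfh2lsqxtv.info"]:
        print(f"{d:24} score={dga_score(d)} dga_like={is_dga_like(d)}")
```

Character-level indicators like these catch random-string generators but miss word-list DGAs ("secure-login-update.com" scores only 2 here despite its length), which is the gap a sequence model trained on labelled DGA families is meant to close.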
Dragonfly {M}NTA SOC teams triage and investigate alerts triggered by Dragonfly. These teams utilize Dragonfly’s advanced capabilities to analyze proactive threat hunting findings, event-triggered PCAP data, encrypted payload fingerprints, rule-based alerts, and anomalous behavior to validate real-time incidents. The Dragonfly {M}NTA service provides your team with the

COMPLETE VISIBILITY

Dragonfly {M}NTA is designed to view north-south and east-west traffic. It can detect more than 250 different network protocols and applications. This level of visibility allows Dragonfly {M}NTA to visualize the complete network environment, uncovering anomalies and malicious behavior. Dragonfly identifies an unprecedented number of IOCs, anomalies, and malicious activities. Dragonfly analyzes network connections for bad-reputation IP addresses, malicious URLs, known-bad website certificates, malware downloads, Tor node traffic, and user credentials sent in cleartext. Braintrace provides protocol customizations based on the client's needs. Dragonfly {M}NTA delivers a tailored solution experience without the heavy lifting required for implementation.
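The per-session checks listed above (reputation lists, malicious URLs, bad certificates, executable downloads, Tor nodes, cleartext credentials) are what a rule-based session risk engine evaluates. The following Python is an added example of that pattern and is not Braintrace's SRA code: every threat list, certificate fingerprint, address (RFC 5737 documentation ranges) and session record is constructed for the demonstration, and the rule weights are assumptions. The cleartext-credential rule does a small piece of DPI itself, decoding an HTTP Basic header or spotting an FTP PASS command, since a rule engine can only score what a decoder has already surfaced.

```python
import base64
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed threat lists (RFC 5737 documentation addresses, placeholder hash). They stand in
# for the reputation feeds, Tor node list and certificate blocklist a real service consults.
BAD_REPUTATION_IPS = {"198.51.100.23", "198.51.100.77"}
TOR_NODE_IPS = {"203.0.113.9", "203.0.113.40"}
KNOWN_BAD_CERT_SHA256 = {"ab" * 32}
MALWARE_URL_PATTERNS = [re.compile(r"/invoice\d+\.(exe|scr|js)$", re.I)]
EXECUTABLE_MAGIC = {b"MZ": "PE executable", b"\x7fELF": "ELF executable"}


@dataclass
class Session:
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str                       # DPI label: HTTP, TLS, FTP, ...
    url: Optional[str] = None           # HTTP only
    cert_sha256: Optional[str] = None   # TLS only: server leaf certificate fingerprint
    client_payload: bytes = b""         # first client bytes, cleartext protocols only
    response_body: bytes = b""          # first bytes of a reassembled HTTP response body


def cleartext_credentials(s: Session) -> Optional[str]:
    """DPI-style check for credentials carried on an unencrypted session."""
    if s.protocol == "HTTP":
        m = re.search(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", s.client_payload)
        if m:
            try:
                user = base64.b64decode(m.group(1), validate=True).split(b":", 1)[0]
                return f"HTTP Basic credentials for user {user.decode(errors='replace')}"
            except ValueError:
                return "malformed HTTP Basic credentials"
    if s.protocol == "FTP" and re.search(rb"^PASS\s+\S+", s.client_payload, re.M):
        return "FTP password sent in cleartext"
    return None


def evaluate_session(s: Session) -> Tuple[int, List[str]]:
    """Apply each per-session rule; return (risk score capped at 100, findings)."""
    findings: List[Tuple[int, str]] = []
    if s.dst_ip in BAD_REPUTATION_IPS:
        findings.append((40, f"destination {s.dst_ip} on bad-reputation list"))
    if s.dst_ip in TOR_NODE_IPS:
        findings.append((30, f"traffic to Tor node {s.dst_ip}"))
    if s.cert_sha256 and s.cert_sha256.lower() in KNOWN_BAD_CERT_SHA256:
        findings.append((50, "server presented a known-bad certificate"))
    if s.url and any(p.search(s.url) for p in MALWARE_URL_PATTERNS):
        findings.append((35, f"URL matches malware download pattern: {s.url}"))
    if s.protocol == "HTTP":
        for magic, kind in EXECUTABLE_MAGIC.items():
            if s.response_body.startswith(magic):
                findings.append((25, f"{kind} downloaded over HTTP"))
    cred = cleartext_credentials(s)
    if cred:
        findings.append((20, cred))
    return min(100, sum(w for w, _ in findings)), [msg for _, msg in findings]


# Constructed sample sessions for the demonstration.
def clean_session() -> Session:
    return Session("192.0.2.10", "192.0.2.50", 443, "TLS", cert_sha256="cc" * 32)


def basic_auth_session() -> Session:
    token = base64.b64encode(b"alice:hunter2")
    payload = b"GET /admin HTTP/1.1\r\nHost: 198.51.100.23\r\nAuthorization: Basic " + token + b"\r\n\r\n"
    return Session("192.0.2.11", "198.51.100.23", 80, "HTTP",
                   url="http://198.51.100.23/admin", client_payload=payload)


def malware_download_session() -> Session:
    return Session("192.0.2.12", "192.0.2.60", 80, "HTTP",
                   url="http://192.0.2.60/invoice8831.exe",
                   client_payload=b"GET /invoice8831.exe HTTP/1.1\r\nHost: 192.0.2.60\r\n\r\n",
                   response_body=b"MZ\x90\x00\x03\x00\x00\x00")


def tor_session() -> Session:
    return Session("192.0.2.13", "203.0.113.9", 9001, "TLS", cert_sha256="dd" * 32)


def ftp_session() -> Session:
    return Session("192.0.2.14", "192.0.2.70", 21, "FTP",
                   client_payload=b"USER anonymous\r\nPASS secret\r\n")


if __name__ == "__main__":
    for s in [clean_session(), basic_auth_session(), malware_download_session(), tor_session(), ftp_session()]:
        score, findings = evaluate_session(s)
        print(f"{s.src_ip} -> {s.dst_ip}:{s.dst_port} {s.protocol:4} risk={score:3} {findings}")
```

Weighting rules and summing them per session is what lets a SOC analyst sort by risk instead of by alert count: the Basic-auth session to a bad-reputation host outranks the Tor connection even though each individual rule is low severity.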

ENCRYPTED PAYLOAD ANALYTICS

Braintrace understands that security and privacy are paramount. Other NTA vendors require man-in-the-middle decryption for traffic analysis. Encrypted Payload Analytics (EPA) is able to detect threats inside encrypted traffic without the need for decryption.
A common misconception about encrypted traffic is that it is completely unrecognizable. This couldn't be further from the truth. In fact, as certain features of the encrypted session are observed, patterns start to emerge.
Utilizing the latest advancements in deep learning, and taking some cues from cancer research, BraintraceLABS has developed a patent-pending process for detecting patterns found in the size, direction, and arrival time of network packets.
EPA works like behavioral analysis of the client and server nodes in a network communication. EPA also works very well on cleartext traffic, adding another dimension of detection to the already rich protocol analysis.
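The EPA engine and the section above both rest on the same observation: the ciphertext is opaque, but packet sizes, directions, inter-arrival times and the byte distribution are visible to a passive sensor. The following Python is an added example of extracting exactly that feature set from a session; it is not Braintrace's patent-pending model, and in place of the deep-learning classifier it applies one illustrative rule for the most recognisable encrypted pattern, a command-and-control beacon. The two sessions and their seeded pseudo-random "ciphertext" are constructed for the demonstration.

```python
import math
import random
import statistics
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Packet:
    ts: float               # capture time in seconds
    client_to_server: bool  # direction relative to the session initiator
    payload: bytes          # transport payload; ciphertext once TLS is established


def size_direction_sequence(pkts: List[Packet]) -> List[int]:
    """Signed payload lengths: positive = client->server, negative = server->client."""
    return [len(p.payload) if p.client_to_server else -len(p.payload) for p in pkts]


def interarrival_times(pkts: List[Packet]) -> List[float]:
    return [b.ts - a.ts for a, b in zip(pkts, pkts[1:])]


def byte_distribution(pkts: List[Packet]) -> List[float]:
    """Normalised 256-bin histogram over every payload byte in the session."""
    counts: Counter = Counter()
    for p in pkts:
        counts.update(p.payload)
    total = sum(counts.values())
    return [counts.get(b, 0) / total if total else 0.0 for b in range(256)]


def entropy_bits(dist: List[float]) -> float:
    """Shannon entropy of a distribution; well-encrypted bytes approach 8 bits."""
    return -sum(p * math.log2(p) for p in dist if p > 0)


def _cv(values: List[float]) -> float:
    """Coefficient of variation; 0 means perfectly regular timing."""
    if len(values) < 2:
        return 0.0
    mean = statistics.fmean(values)
    return statistics.pstdev(values) / mean if mean else 0.0


def session_features(pkts: List[Packet]) -> Dict[str, float]:
    """Feature vector built only from sizes, directions, timing and byte distribution."""
    up = [p for p in pkts if p.client_to_server]
    down = [p for p in pkts if not p.client_to_server]
    sizes = size_direction_sequence(pkts)
    return {
        "packets": len(pkts),
        "bytes_up": sum(len(p.payload) for p in up),
        "bytes_down": sum(len(p.payload) for p in down),
        "unique_size_ratio": len(set(sizes)) / max(len(sizes), 1),
        "iat_cv_all": _cv(interarrival_times(pkts)),
        "iat_cv_up": _cv(interarrival_times(up)),  # timing of the initiator alone
        "payload_entropy": entropy_bits(byte_distribution(pkts)),
    }


def looks_like_beacon(f: Dict[str, float]) -> bool:
    """Illustrative rule: regular client timing, few distinct sizes, high-entropy bytes."""
    return f["iat_cv_up"] < 0.1 and f["unique_size_ratio"] < 0.5 and f["payload_entropy"] > 7.0


# Constructed sample sessions (not real captures). Payload bytes come from a seeded PRNG
# to stand in for ciphertext; only their length and distribution matter here.
_rng = random.Random(7)


def _cipher(n: int) -> bytes:
    return bytes(_rng.getrandbits(8) for _ in range(n))


def browsing_session() -> List[Packet]:
    """Irregular timing and varied sizes: a client fetching pages from a server."""
    return [
        Packet(0.000, True, _cipher(517)), Packet(0.040, False, _cipher(1460)),
        Packet(0.041, False, _cipher(1460)), Packet(0.043, False, _cipher(812)),
        Packet(0.120, True, _cipher(93)), Packet(0.170, False, _cipher(1460)),
        Packet(0.171, False, _cipher(640)), Packet(0.900, True, _cipher(131)),
        Packet(0.960, False, _cipher(1460)), Packet(1.050, True, _cipher(74)),
        Packet(1.110, False, _cipher(388)),
    ]


def beacon_session() -> List[Packet]:
    """Same-sized check-in every 60 s with a same-sized reply: a C2 heartbeat shape."""
    pkts: List[Packet] = []
    for i in range(6):
        pkts.append(Packet(60.0 * i, True, _cipher(93)))
        pkts.append(Packet(60.0 * i + 0.05, False, _cipher(117)))
    return pkts


if __name__ == "__main__":
    for name, sess in [("browsing", browsing_session()), ("beacon", beacon_session())]:
        f = session_features(sess)
        print(name, {k: round(v, 3) for k, v in f.items()}, "beacon:", looks_like_beacon(f))
```

Note that the timing feature is computed over the initiator's packets only: measured across both directions the request/reply gaps alternate between 0.05 s and 59.95 s and the regularity disappears, which is the kind of detail a model has to learn and a hand-written rule has to get right.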

SUPPORTED PROTOCOLS

IT protocols and OT/ICS protocols, listed alphabetically:

AFP, AIMINI, AJP, AMAZON, AMAZON_VIDEO, AMQP, ANYDESK, APPLE, APPLE_ICLOUD, APPLE_ITUNES, APPLE_PUSH, APPLEJUICE, APPLESTORE, ARMAGETRON, ASDU_APCI, AYIYA, BACNET, BGP, BITTORRENT, BJNP, BLOOMBERG, CAPWAP, CHECKMK, CIP/ENIP, CISCOVPN, CITRIX, CLOUDFLARE, CNN, COAP,
COLLECTD, CORBA, CROSSFIRE, CSGO, DATASAVER, DCERPC, DEEZER, DHCP, DHCPV6, DIAMETER, DIRECT_DOWNLOAD_LINK, DIRECTCONNECT, DISCORD, DNP3, DNS, DNSCRYPT, DOFUS, DOH_DOT, DRDA, DROPBOX, EAQ, EBAY, EDONKEY, ETHERCAT, FACEBOOK, FASTTRACK, FBZERO, FIESTA, FIX,
FLORENSIA, FREE_183, FREE_205, FREE_53, FREE_69, FREE_71, FREE90, FTP_CONTROL, FTP_DATA, GIT, GITHUB, GMAIL, GNUTELLA, GOOGLE, GOOGLE_DOCS, GOOGLE_DRIVE, GOOGLE_MAPS, GOOGLE_PLUS, GOOGLE_SERVICES, GTP, GUILDWARS, H323, HALFLIFE2, HANGOUT_DUO, HOTMAIL, HOTSPOT_SHIELD, HTTP, HTTP_ACTIVESYNC, HTTP_CONNECT, HTTP_DOWNLOAD, HTTP_PROXY,
HULU, IAX, ICECAST, IEC-60870-5-104, IEC-60870-6, IEC-61850, IFLIX, IMO, INSTAGRAM, IP_EGP, IP_GRE, IP_ICMP, IP_ICMPV6, IP_IGMP, IP_IP_IN_IP, IP_IPSEC, IP_OSPF, IP_SCTP, IP_VRRP, IPP, ISO_TSAP, IRC, KAKAOTALK, KAKAOTALK_VOICE, KERBEROS, KONTIKI, LASTFM, LDAP, LINKEDIN, LISP, LLMNR,
LOTUS_NOTES, MAIL_IMAP, MAIL_IMAPS, MAIL_POP, MAIL_POPS, MAIL_SMTP, MAIL_SMTPS, MAPLESTORY, MDNS, MEGACO, MEMCACHED, MESSENGER, MGCP, MICROSOFT, MICROSOFT_365, MINING, MODBUS RTU, MODBUS TCP, MPEGTS, MQTT, MS_ONE_DRIVE, MSSQL_TDS, MSTEAMS, MYSQL, NATS, NEST_LOG_SINK, NETBIOS, NETFLIX, NETFLOW, NFS, NINTENDO,
NOE, NTOP, NTP, OCS, OOKLA, OPC_AE, OPC_DA, OPC_HAD, OPC_UA, OPENDNS, OPENFT, OPENVPN, ORACLE, PANDORA, PASTEBIN, PLAYSTATION, PLAYSTORE, POSTGRES, PPSTREAM, PPTP, PROFINET_CBA, PROFINET_DCP, PROFINET_IO, PROFINET_MRP, PROFINET_MRRT, PROFINET_PTCP, PROFINET_RT, PS_VUE, QQ, QQLIVE, QUIC,
RADIUS, RDP, REDIS, REMOTE_SCAN, RSYNC, RTCP, RTMP, RTP, RTSP, RX, S7COMM, SAP, SFLOW, SHOUTCAST, SIGNAL, SINA, SIP, SKINNY, SKYPE, SKYPE_CALL, SLACK, SMBV1, SMBV23, SMPP, SNAPCHAT, SNMP, SOAP, SOCKS, SOMEIP, SOPCAST, SOULSEEK,
SOUNDCLOUD, SPOTIFY, SSDP, SSH, STARCRAFT, STEALTHNET, STEAM, STUN, SYSLOG, TARGUS_GETDATA, TEAMSPEAK, TEAMVIEWER, TELEGRAM, TELNET, TEREDO, TFTP, THUNDER, TIKTOK, TINC, TLS, TOR, TRUPHONE, TUENTI, TVUPLAYER, TWINCAT_IO-RAW, TWINCAT_NV, TWITCH, TWITTER, UBNTAC2, UBUNTUONE, UNENCRYPTED_JABBER,
UNKNOWN, UPNP, USENET, VEVO, VHUA, VIBER, VMWARE, VNC, WARCRAFT3, WAZE, WEBEX, WEBSOCKET, WECHAT, WHATSAPP, WHATSAPP_CALL, WHATSAPP_FILES, WHOIS_DAS, WIKIPEDIA, WINDOWS_UPDATE, WIREGUARD, WORLD_OF_KUNG_FU, WORLDOFWARCRAFT, XBOX, XDMCP, YAHOO, YOUTUBE, YOUTUBE_UPLOAD, ZABBIX, ZATTOO, ZMQ, ZOOM
