Advanced Security Network Metrics

10x richer information on network traffic collected and analyzed than NetFlow

Going Deeper, Knowing More

A unique Advanced Security Network Metrics (ASNM) protocol is used to monitor over 70 features (attributes) of each individual network flow. For each network flow, information about source and destination, duration, data and content sizes, various packet counters, and performance and spectral (signal processing) characteristics is generated so that Mendel can learn to distinguish normal flow characteristics from some types of malicious ones, even without the need to decode or decrypt the data.

Since NetFlow uses only about 10 features, GreyCortex Mendel is much more sensitive and effective in detecting malicious and other unwanted behavior. Another difference between GreyCortex Mendel and NetFlow is that Mendel uses proper and consistent bidirectional network flows. This enables us to identify the beginning and the end of each flow (even non-TCP) and to determine most of the requests and responses it contains, not necessarily split into 1 to 5 minute intervals.

This is accomplished by application detection at ISO/OSI Layer 7 (also known as NBAR). The information content is fully reconstructed so that Deep Packet Inspection (DPI) techniques can extract application-specific metadata for almost 1,000 application protocols, including transferred files and related metadata, even in tunneled traffic, as described in the DPI section.

Why ASNM

  • More robust behavioral detection
  • Enables application performance monitoring
  • Rich traffic metadata for easy incident investigation
  • Consistent & bidirectional flow recording