Advanced Security Network Metrics

10x richer information on network traffic collected and analyzed than NetFlow

Going Deeper, Knowing More

Mendel's unique Advanced Security Network Metrics (ASNM) protocol is used to monitor over 70 features (attributes) of each individual network flow. For each network flow, information about source and destination, duration, data and content sizes, various packet counters, and performance information is generated. This means Mendel learns to distinguish normal flow characteristics from malicious, non-human behaviors, without the need to decode or decrypt the data.

Since NetFlow only uses about 10 features, GreyCortex Mendel is much more sensitive and effective in the detection of malicious and other unwanted behavior. Another difference between GreyCortex Mendel and NetFlow is that Mendel uses proper and consistent bidirectional network flows which enables us to identify the beginning and the end of each flow (even non-TCP) and determine most of the requests and responses they contain and not necessarily ones split into 1 to 5 minute intervals.

Deep visibility is provided natively by our ASNM engine (to ISO/OSI Layer 7 - application layer). The information content is fully reconstructed to allow Deep Packet Inspection (DPI) techniques to extract application-specific metadata for more than 15 protocols including HTTP, DNS, SMB, HTTPS, SSL/TLS, DHCP, MSSQL, MODBUS, SMTP, SSH etc. Application protocols are continuously added in new versions of GREYCORTEX MENDEL.

GreyCortex launch

Why ASNM

  • More robust behavioral detection
  • Enables application performance monitoring
  • Rich traffic metadata for easy incident investigation
  • Consistent & bidirectional flow recording