Mendel Analyst

The Most Advanced Security Network Traffic Analysis

GREYCORTEX MENDEL is a solution for advanced network security and performance monitoring for enterprise, government and other critical infrastructure.

It dramatically improves the capabilities of security and network operations departments for rapid detection and response to security and other incidents.

Its advanced machine learning, unique specialized algorithms and deep insight into network traffic make the detection of advanced threats and other behavioral anomalies more sensitive and reliable while decreasing the cost of operation.


Why MENDEL Analyst

  • Continuous security monitoring
  • Rapid detection & response
  • Powerful detection capabilities
  • Deep visibility into the internal network
  • Powerful and easy to use

Artificial Intelligence in Behavioral Detection

Unlike most solutions, MENDEL Analyst is not dependent on manually set rules (thresholds). Instead, its advanced artificial intelligence (Machine Learning) and Data Mining automatically generate anomaly-detection rules relevant to a particular network or device. These rules describe the behavior of the whole network, of each subnetwork, and of individual hosts and services. They gradually and automatically adapt as traffic and threats in the network evolve, so that malicious and anomalous behavior is pinpointed effectively.


Much More Capable than NetFlow

MENDEL Analyst collects several times more information on network traffic than NetFlow, IPFIX or similar protocols. NetFlow or IPFIX records are enhanced with security parameters and performance analysis. These include frequency, spectral and traffic content features which are crucial for more sensitive behavioral detection.


Robust Detection Capabilities

Most specialized security technologies deal only with certain attack vectors, such as network threats to endpoints, and miss a range of others, such as infections originating outside the network (especially important where BYOD policies apply) or threats targeting servers, databases and similar assets. Such narrow coverage has significant limitations, which MENDEL Analyst is designed to overcome.

MENDEL Analyst focuses on the entire enterprise infrastructure and all network traffic. Apart from general anomaly detection capabilities, it uses specialized detection algorithms for detection of malicious behavior, distinguishing machine and human behavior and more traditional signature-based detection.


Flow-based and Packet-based Technology

Instead of relying on older and limited SNMP polling, MENDEL leverages flow-based and content-based monitoring. Flow-based monitoring provides near real-time (1 minute intervals) visibility into network statistics and other summary and detailed issues. Deep content inspection (DCI) extends this information with real-time comprehensive contextual metadata (user identity, applications, for example).


Application Monitoring and More

MENDEL Analyst constantly monitors the communication of users and network applications on all ports and over TCP, UDP, ICMP and many other protocols. This enables monitoring of current and average bandwidth, response times, transit times, delay, jitter, ports in use, connection peers and more.


Powerful Forensics

MENDEL Analyst generates metadata about network communication that provides full contextual awareness, for example source and destination, the user's identity and the application protocol. It also integrates selective on-demand packet capture. Unlike technologies based on full packet capture, this allows the network traffic metadata to be stored for a much longer time with low demands on storage capacity. The metadata covers application protocols such as HTTP, SSL, TLS, SMB, SMB2, DCERPC, SMTP, FTP, SSH, DNS, IRC, VNC, RDP, XMPP, IMAP, SIP, ICQ, MySQL and MS SQL.


Easy to Use

The web user interface presents comprehensive information about network traffic: from management overviews, through aggregated information on the communication of the network, subnetworks, users and applications and the communication of peers, down to details of individual flows and their content for precise investigation of interesting events. Users can filter and sort the data in any way they need.


Detection Methods

  • Signature based detection
  • Deep packet inspection
  • Network Behavior Analysis
  • Specialized algorithms
  • Network performance monitoring
  • Application performance monitoring

Other Components

  • SIEM & LDAP connectors
  • Risk Assessment
  • Advanced Reporter

Data Sources

  • SPAN / mirrored port
  • 0.5–10 Gbps per line
  • Complementary sources: NetFlow & IPFIX, security events from endpoints