MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector to protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss. It dramatically improves security and network operations capabilities to rapidly detect and respond to security incidents and other threats.
As part of its network traffic analysis-based detection, MENDEL uses advanced, unsupervised machine learning and data mining capabilities to automatically learn your network and detect anomalies in network traffic. This learning describes the whole network, and every individual subnetwork, host, and service. It automatically adapts to identify malicious and anomalous behavior as traffic and threats evolve in the network - so it's not dependent on manual rules or thresholds like other solutions. For machine learning to be even more effective in threat detection, it must have the ability to be taught by an analyst. MENDEL's machine learning is teachable, meaning it is truly effective as a detection tool in network security.
Effective detection using network traffic analysis requires a detailed data set to accurately detect threats. Some security solutions claim that single-protocol data sources like NetFlow are sufficient. While NetFlow-based solutions rely on fewer than 10 network traffic metadata attributes, MENDEL uses a proprietary flow protocol, collecting not just NetFlow, but IPFIX, and hundreds of other attributes. This allows MENDEL to use real machine learning and behavioral anomaly detection for more effective protection against advanced threats that other solutions can only dream about.
Most network security technologies deal with only certain attack vectors, like access to endpoints, or threats to the network perimeter, but miss a range of other sources like infected BYOD, insecure IoT devices, or threats targeting servers, databases, etc. MENDEL overcomes these significant limitations.
All threats - including those hidden in BYOD, or which utilize insecure IoT devices where an endpoint security solution can't be installed - create network traffic as they move through the network to steal data, infect other devices, or communicate with command and control servers. MENDEL monitors all traffic on your network, rather than just one type or location. Analyzing this traffic means that MENDEL can detect even hidden threats as they move in the network, including in BYOD and IoT devices, and in SCADA/ICS networks. MENDEL can even distinguish between machine and human behavior to detect hidden threats by repetitive versus random behavior.
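The repetitive-versus-random distinction above can be illustrated with a small timing-regularity check over flow records. This is an added example for explanation only, not MENDEL's algorithm or code: it groups flows by source/destination pair and scores how evenly spaced their start times are, so that a host that contacts the same peer at near-constant intervals (machine-driven behavior) separates from one whose contacts are irregular (human-driven behavior). The flow records, hosts, and threshold are constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (start time in seconds, source host, destination host).
# 10.0.0.5 reaches its peer roughly every 60 s with slight jitter, a machine-like pattern;
# 10.0.0.9 reaches its peer at irregular, human-like intervals. None of this is real data.
SAMPLE_FLOWS = [
    (0, "10.0.0.5", "203.0.113.7"), (61, "10.0.0.5", "203.0.113.7"),
    (119, "10.0.0.5", "203.0.113.7"), (181, "10.0.0.5", "203.0.113.7"),
    (240, "10.0.0.5", "203.0.113.7"), (301, "10.0.0.5", "203.0.113.7"),
    (2, "10.0.0.9", "198.51.100.20"), (5, "10.0.0.9", "198.51.100.20"),
    (47, "10.0.0.9", "198.51.100.20"), (190, "10.0.0.9", "198.51.100.20"),
    (193, "10.0.0.9", "198.51.100.20"), (820, "10.0.0.9", "198.51.100.20"),
]


def timing_regularity(timestamps):
    """Coefficient of variation of the gaps between consecutive flows.

    0.0 means perfectly periodic; larger values mean more irregular timing.
    Returns None when there are too few gaps to judge.
    """
    ts = sorted(timestamps)
    gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
    if len(gaps) < 2 or mean(gaps) == 0:
        return None
    return pstdev(gaps) / mean(gaps)


def classify_peers(flows, cv_threshold=0.2, min_flows=5):
    """Label each (src, dst) pair by the regularity of its flow timing.

    cv_threshold and min_flows are illustrative tuning values, not recommendations.
    """
    by_pair = defaultdict(list)
    for start, src, dst in flows:
        by_pair[(src, dst)].append(start)
    labels = {}
    for pair, starts in by_pair.items():
        if len(starts) < min_flows:
            labels[pair] = "insufficient data"
            continue
        cv = timing_regularity(starts)
        periodic = cv is not None and cv < cv_threshold
        labels[pair] = "machine-like (periodic)" if periodic else "human-like (irregular)"
    return labels


if __name__ == "__main__":
    for pair, label in classify_peers(SAMPLE_FLOWS).items():
        print(f"{pair[0]} -> {pair[1]}: {label}")
```

A periodic label alone is not evidence of compromise, since legitimate software also polls on a schedule; it is one signal to combine with the peer, protocol and volume context the surrounding text describes.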
Instead of relying on older, limited SNMP polling, MENDEL leverages flow- and content-based monitoring. Flow-based monitoring provides real-time visibility into network statistics, both as summaries and at a detailed level. Deep packet inspection (DPI) extends this information with real-time comprehensive contextual metadata (such as user identity or application).
MENDEL constantly monitors user communication and network applications across all ports and on TCP, UDP, ICMP, and many other protocols. This enables monitoring of current and average bandwidth, response times, transit times, delay, jitter, ports in use, connection peers, and more.
MENDEL generates network communication metadata, providing full contextual awareness like destination and source, user identity, and application protocol. It also integrates selective on-demand packet capture. Unlike technologies based on full packet capture, this allows network traffic metadata to be stored for much longer with low demands on storage capacity. This includes application protocol metadata like HTTP, DNS, DHCP, FTP, SMB/SMB2, MS-SQL, SMTP, SIP, SSH, POP3, NFS, MODBUS, DNP3, IEC60870 101/104, and SSL/TLS (HTTPS, IMAPS, SMTPS, LDAPS).
The GREYCORTEX MENDEL web user interface presents comprehensive information about network traffic, from management overviews to aggregated information on network communication, all available in customized dashboards. Users can drill down from subnetworks, users, applications, and peer communication to individual flow details and their content. This means security teams can precisely investigate possible breach events. MENDEL’s powerful capabilities allow you to filter and sort the data in any way you need, which means alerts can be resolved in under two minutes in many cases.