Ariadnex – Deep Network Intelligence
I've worked at ARIADNEX since 2009. I've learnt a lot about networking and security in these 10 years. I've had the chance to configure dynamic routing protocols such as BGP, OSPF or RIP. I've installed and configured lots of switches and routers. I've deployed security tools such as SIEM, antivirus, IDS/IPS, firewalls, etc. I've analysed lots of security alerts to find out what has happened in the network. I've even taught IT courses on networking, security, hacking and forensics. I've been able to do many tasks in these 10 years.
I've realised that when there are issues with the network, such as slowness or traffic not going through the best route, companies and IT engineers go crazy. When there are complex issues, we need DEEP knowledge for a DEEP analysis. We need networking and security tools with which we can analyse lots of metrics such as sessions, flows, traffic, etc. We should even be able to download the packets to know what's going on. What's more, if we want to know what happened in the past, one or two days ago, we should also be able to download those packets for a better analysis.
Most applications use the NETWORK to send and receive data. Today, the network is very important in most businesses. Therefore, network monitoring is a must in most companies, because if there are issues, we'll need to check how the network is performing. Companies need a healthy and clean network for data to go through, because the network is the highway of data. If you are an IT engineer and you are worried about your data, network monitoring is your friend.
Sadly, there are lots of companies which don't know what's going on in their networks. They can't perform a deep analysis either. However, there are companies which do have network monitoring, or can even perform a deep analysis, but they don't have the third important concept: INTELLIGENCE. Intelligence is required to know exactly what the monitoring tools are recording. Intelligence is required to know exactly what the events and logs are recording. We can add intelligence to the monitoring tools with books, study and expertise.
There are many adversarial simulation tools which help us to know whether the network and security monitoring tools are working well. FlightSIM is my favourite one because we can easily generate malicious traffic such as C&C traffic, DGA traffic, spambot traffic, etc. However, there are many other useful adversarial simulation tools such as Caldera, BT3 or DumpsterFire. It's up to you which one you want to use to find out whether your monitoring tools detect malicious traffic.
|Adversarial Simulation Tool|
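Generating DGA traffic (for example with `flightsim run dga`) is only half of the exercise; the other half is checking that the monitoring side actually flags it. The script below is an added example for this post, not code from flightsim or from Ariadnex: it runs a simple length-plus-entropy DGA check over a constructed DNS query log and over a toy generator that stands in for the simulated names. The log format (`timestamp client qname`), the thresholds, the sample lines and the `toy_dga_domains` generator are all my assumptions; the generator does not reproduce flightsim's or any malware family's algorithm.

```python
"""Added example (not flightsim's code): does a simple DGA detector flag the
kind of DNS queries an adversarial simulation tool generates?

Assumptions (mine, not from the post): DNS queries are logged as
"<timestamp> <client-ip> <qname>", one per line, and the detector scores the
registrable label (the one left of the TLD) by length and Shannon entropy.
"""
import math
import random
import string
from collections import Counter

# Constructed sample log: three ordinary queries, one long but legitimate name,
# and two DGA-looking names. Not captured from a real network.
SAMPLE_LOG = """\
2019-06-01T10:00:01Z 10.0.0.12 www.google.com
2019-06-01T10:00:02Z 10.0.0.12 mail.ariadnex.com
2019-06-01T10:00:03Z 10.0.0.25 update.microsoft.com
2019-06-01T10:00:04Z 10.0.0.25 stackoverflow.com
2019-06-01T10:00:05Z 10.0.0.31 xk3q9vz7nb2lwpt.com
2019-06-01T10:00:06Z 10.0.0.31 a7f3k9q2m4x8zp1.net
"""

MIN_LABEL_LEN = 12      # tunable: shorter labels are rarely worth scoring
MIN_ENTROPY = 3.3       # tunable: bits per character


def shannon_entropy(text):
    """Bits of entropy per character of `text` (0.0 for an empty string)."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname):
    """Label left of the TLD, e.g. 'google' for 'www.google.com'.

    Simplification: no Public Suffix List, so 'bbc.co.uk' yields 'co'.
    A production detector must handle multi-part suffixes.
    """
    labels = qname.rstrip(".").lower().split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def is_dga_like(qname, min_len=MIN_LABEL_LEN, min_entropy=MIN_ENTROPY):
    """True when the registrable label is long *and* high-entropy."""
    label = registrable_label(qname)
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def scan_log(log_text):
    """Return (qname, flagged) for every well-formed log line, in order."""
    results = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        qname = parts[2]
        results.append((qname, is_dga_like(qname)))
    return results


def toy_dga_domains(seed, count, tld="com", length=14):
    """Deterministic DGA-style names for exercising the detector.

    Stand-in only, not flightsim's generator or a real malware family:
    each label is `length` distinct [a-z0-9] characters.
    """
    rng = random.Random(seed)
    alphabet = string.ascii_lowercase + string.digits
    return ["".join(rng.sample(alphabet, length)) + "." + tld for _ in range(count)]


def detection_rate(domains):
    """Fraction of `domains` the detector flags."""
    if not domains:
        return 0.0
    return sum(is_dga_like(d) for d in domains) / len(domains)


if __name__ == "__main__":
    for qname, flagged in scan_log(SAMPLE_LOG):
        print(f"{'DGA?' if flagged else 'ok  '} {qname}")
    simulated = toy_dga_domains(seed=2019, count=50)
    print(f"detection rate on simulated DGA names: {detection_rate(simulated):.0%}")
```

Running it shows the two points the post makes: the detector catches every simulated name, so the simulation proves the monitoring path works, but it also flags `stackoverflow.com` (13 characters, about 3.5 bits per character), which is the kind of false positive that needs the intelligence of an analyst, an allowlist or a better model on top of the raw tool.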
We can perform Deep Network Intelligence from Ariadnex, but we can improve this intelligence with a Network Packet Broker (NPB). Gigamon is an NPB which can be used to resend a copy of the traffic to the monitoring tools. For instance, we can send a copy of the traffic to SSL interception appliances, IDS/IPS appliances, etc. Therefore, A-DNI along with an NPB will be the next-generation monitoring tool at Ariadnex.
|SSL Inspection with Gigamon|
Regards my friends. What do you think?