How Custocy Uses Next-Gen DPI and IDS to Power AI-Based Network Threat Detection and Response
Custocy is a French company specializing in artificial intelligence (AI) for cybersecurity. The company has spent 5 years developing an AI engine for Software as a Service Network Detection and Response (SaaS NDR) in cooperation with France’s LAAS-CNRS systems research laboratory.
Custocy has chosen Enea’s deep packet inspection (DPI) engine and intrusion detection (IDS) software development kit (SDK) to bring detailed traffic visibility, streamlined data inspection and enhanced threat detection capabilities to its solution. The integration will enable Custocy to improve the accuracy and performance of its platform, key factors for product differentiation.
A Unique Approach to Collaborative AI That Enhances Threat Detection and Streamlines Alert Analysis
Winner of the i-NOV innovation label and “Product of the Year” award at the Paris Cyber Show, Custocy has a pioneering approach to collaborative AI that enables high-performance protection for IT networks through unprecedented detection speed and precision. Called the MetaLearner, Custocy’s AI engine is especially proficient in identifying sophisticated and unknown attacks through a combination of artificial intelligence, behavioral analysis and threat intelligence. It has extremely high accuracy, while reducing false positives.
The MetaLearner is unique in using layered, multi-temporal AI models to orchestrate multiple AIs, each operating at a different time scale, from short to long, to detect immediate threats as well as persistent attacks. On discovery of a potential risk, the MetaLearner decides whether or not to send an alert to the security operations team. Each alert that is sent carries a severity score and is automatically aggregated with others to build the attack path visualization. This allows analysts to understand the threat and to prioritize investigation according to the highest risk and the insights gained from the accompanying threat intelligence. This streamlines the alert process and speeds mitigation of critical network breaches.
Next-Gen DPI and IDS Software to Fuel AI Innovation and Boost NDR Performance
Better AI Results
The quality of artificial intelligence results is highly dependent on the quality and depth of information the AI models receive. Access to detailed network traffic intelligence and high-quality data was therefore of strategic importance to Custocy and a key factor in delivering accurate and effective threat detection services [1]. To boost the performance of its AI-powered NDR platform, Custocy sought to integrate dedicated functions that would provide exceptional visibility into network traffic and high precision in the detection of potential threats present in the flows, and they chose to partner with Enea [2].
Superior Traffic Visibility
Enea’s deep packet inspection (DPI) engine, the Enea Qosmos ixEngine®, has long been the most widely embedded DPI software in the cybersecurity industry. The quality and depth of its traffic intelligence play a vital role in a wide range of security functions. It has a library of over 4500 protocols (more than any other commercial DPI software) and can extract 5900 metadata, including unique indicators of anomaly. As a next-generation DPI engine, it also uses specially developed techniques in addition to DPI to identify encrypted, anomalous and evasive traffic. Delivered as a software component, it is cloud native and scales according to network needs. Engineered for OEM use, it can be easily embedded inside networking and cybersecurity solutions to deliver granular information on packets and flows directly to the functions requiring traffic visibility.
Improved Threat Detection
Enea also delivers a software-based Intrusion Detection (IDS) engine: the Qosmos Threat Detection Software Development Kit (TD SDK). The Qosmos TD SDK embeds core functionalities from the industry’s leading IDS, Suricata, and integrates tightly with the Enea Qosmos ixEngine for traffic visibility. The integration with Qosmos ixEngine not only provides detailed traffic intelligence for accurate threat detection, but it also streamlines operations, eliminating double packet processing and accelerating parsing speed. This brings improvements to product performance, significant increases in threat detection speed and accuracy, and access to custom rule development.
AI-Powered Network Detection & Response (NDR) – A Key Component in Network Security Operations
As cyberattacks against critical public and private infrastructure become increasingly frequent and sophisticated with threat actors adopting AI tools and techniques to circumvent security systems, demand for effective NDR is high [3]. Solutions using advanced AI capabilities to counter these new attack mechanisms are of particular interest.
The cybersecurity technology partnership between Custocy and Enea will deliver a high-performance NDR solution that meets the stringent demands of today’s critical infrastructure protection needs. Custocy will market the solution through its global partner network of solution integrators and managed security service providers (MSSP).
Custocy CEO, Sebastien Sivignon, said of the partnership: “We are thrilled to join forces with Enea to offer our customers the highest level of network intrusion detection. The Enea Qosmos ixEngine is the industry gold standard for network traffic data. It offers a level of accuracy and depth conventional DPI and packet sniffing tools cannot match. Having such a rich source of clean, well-structured, ready-to-use data will enable us to dramatically improve our performance, work more efficiently and devote maximum time to AI model innovation.”
Speaking for Enea, Jean-Pierre Coury, SVP Embedded Security Business Group, stated: “Custocy has developed their solution from the ground up to exploit the unique potential of AI to enhance advanced threat detection and security operations. AI is truly woven into their DNA, and I look forward to the additional value they will deliver to their customers as they leverage the enhanced data foundation delivered by Enea software to support their continuous AI innovation.”
For additional information on Custocy and Enea’s technology partnership, read the press announcement.
References/Further Reading
[1] To discover how Enea’s technology delivers rich network traffic data for machine learning and artificial intelligence, read this 2-page solution overview: https://www.enea.com/insights/rich-network-traffic-data-for-machine-learning-ml-artificial-intelligence-ai/
[2] To learn how solution vendors can raise NDR performance and fuel AI innovation with next-generation deep packet inspection (DPI), click here: https://www.enea.com/insights/how-can-solution-vendors-raise-network-detection-and-response-ndr-performance-to-secure-market-share/
[3] Business Research Insights reports a market size of USD 2485.7 million for Network Detection and Response (NDR) in 2022 and forecasts a size of USD 7893.83 million in 2031. Network Detection and Response (NDR) Market Report Overview: https://www.businessresearchinsights.com/market-reports/network-detection-and-response-ndr-market-101254