Embedded DPI for Cybersecurity

Next-Gen DPI for Extended Detection & Response

Strengthen your XDR Systems with High Quality Data & Unique Insights

High Quality Data and Unique Insights for Superior Anomaly and Threat Detection

With increasingly distributed networks, many organizations are adopting zero trust and cloud-based security strategies (e.g., SASE and SSE) to strengthen their defensive capabilities and reduce their attack surface. This is an important step forward, but a defense-in-depth strategy requires pairing these strategies with advanced threat detection and response capabilities.

Accordingly, many vendors now offer Extended Threat Detection and Response (XDR) systems as a security platform feature or a standalone solution. XDR systems use signatures to detect the presence of known attacks, and advanced behavioral analytics (often supported by ML and AI) to detect anomalous patterns indicative of an advanced attack. This behavioral analysis is performed on large volumes of enterprise-wide user, device and network traffic data, with rules for actions to be taken to mitigate potential attacks.

The results of this analysis and the effectiveness of the XDR system depend on the information that is made available to it. The more accurate and precise the data fed to the XDR system, the more reliable and successful the detection of the threats.

Enea Qosmos Deep Packet Inspection Technology: The Data Foundation for XDR

  • Identifies 4500+ protocols and applications
  • Delivers 5900+ types of metadata
  • Classifies encrypted and evasive traffic
  • Indicates anomalous behaviors

Next-Gen DPI for XDR

XDR comprises two main functions: Network Detection & Response (NDR) and Endpoint Detection & Response (EDR). As the names suggest, the main role of NDR is to detect and prevent intrusions at the network level, while the goal of EDR is to stop intrusions at the endpoint level (e.g., through anti-virus solutions).

Both NDR and EDR use a combination of trusted technologies: (1) Intrusion Detection/Intrusion Prevention Systems (IDS/IPS) and (2) Endpoint Protection (EPP) to detect primarily known threats, and (3) machine learning-enhanced behavioral analyses based on Advanced Anomaly Detection (AAD) to identify unknown or hidden threats that have evaded these systems.

Enea Qosmos technology not only identifies and classifies network traffic, but also delivers highly detailed and accurate metadata that gives insight into user and device profiles and actions. It is therefore used as a data foundation to support AAD in both NDR and EDR, and to enhance existing rule-based detection capabilities within IDS and EPP components.


Granular Insights for XDR Solutions with Next-Gen DPI Engine

Enea’s embedded next-generation Deep Packet Inspection engine, Qosmos ixEngine®, delivers the data that fuels advanced network analytics within XDR solutions. It passively and non-intrusively inspects and analyzes raw telemetry data (rather than logs) to provide detailed, highly accurate data about the protocols, applications, services, users, files, flow characteristics and devices associated with traffic flows.

  • In Endpoint Protection (EPP), Enea Qosmos ixEngine supports better rule-based threat detection by delivering important contextual data including device ID, device profile, location, time, and info to compute application risk posture.
  • In Advanced Anomaly Detection (AAD), data from Enea Qosmos ixEngine is used to:
    1. Build reliable models of normal behavior to detect future anomalies
    2. Accurately determine which abnormalities represent threats
    3. Rapidly qualify these threats and IPS alerts using contextual
    4. Develop effective rules in response to these assessments
  • In Threat Detection, the Enea Qosmos TD SDK delivers IDS-based functionalities as a software component. It embeds core IDS functionalities from Suricata in a software development kit that integrates tightly with Enea Qosmos ixEngine. With this integration, double packet processing is eliminated, parsing speed is accelerated, and traffic insights are vastly expanded to fuel next-generation threat detection and custom rule development.
  • For the XDR platform as a whole, the contextual metadata provided by Enea Qosmos ixEngine makes threat analysis and forensics much faster and easier (while simultaneously reducing the need for full packet capture).

Benefits

Enea Qosmos ixEngine for XDR

Global Network Visibility

  • Gain real-time L2-to-L7 visibility over network traffic across mobile, cloud, on-premise equipment, IoT devices, applications and containers.
  • Achieve visibility into encrypted traffic with fine-grained and contextualized metadata and statistics that can profile and classify data packets without decryption.

Critical Efficiency

  • Save valuable SOC staff time (and frustration) by excluding low- or no-value data and better qualifying and funneling alerts.
  • Dramatically reduce data storage requirements by excluding safe traffic and reducing the need for full packet capture to support forensics. 

Maximum Agility

  • Rapidly deploy (or re-deploy) sensors as needed across continuously evolving network environments.
  • Leverage protocols, metadata, behavioral baselining and analytics to surface new, hard-to-detect threats moving laterally across your network.
  • Gain the speed and flexibility needed to secure and manage forthcoming 5G mobile networks.


“Modern cybersecurity models such as zero-trust networking access and extended detection response pivot around DPI, a trusted technology we all know, but one that’s evolved to meet the needs of the threat landscape today. A strong DPI engine is central to high-performance threat detection. Not only does it enable visibility into network traffic, but it also provides the intelligence around which to base custom rules that customers can tailor to their specific environments.”

Roy Chua, Founder and Principal, AvidThink