CERNE (40Gbps IDS & Event Driven Record)
The Telesoft CERNE combines a high rate 40Gbps IDS engine with automated record of relevant network traffic for real-time and historical threat investigation and digital forensics.
CERNE continuously scans and captures network packets and only stores traffic associated with an IDS alert, discarding all other traffic, giving an analyst rapid access to critical packets up to 2.4 seconds before an event. Capture can be configured for a single IP address, port, protocol or combination providing flexible visibility and context around a potential breach.
Automated collection of only relevant traffic by session minimises unnecessary storage, reduces costs and ensures rapid near real-time retrieval.
Using widely supported Suricata, the CERNE scans for threat signatures specified in user definable rules that include an optional property to extract, record and deliver to your SIEM the session content from before and after the alert. Session extraction and recording can also be controlled from threat intelligence logic from within the SIEM, enabling even greater control and intelligence over storage management.
Key Specifications
- Network Intrusion Detection (IDS)
- SURICATA, SNORT & Syslog Compatible
- Real-time Monitoring
- Threat Detection & Management
- Enables Full Flow/Session Analytics for Detected Threats
- Advanced Event Correlation
- Remote Sensor Management