TDAC (Telesoft Data Analytics Capability) – Monitoring, Analytics & Forensics Platform
TDAC (Telesoft Data Analytics Capability) is a cost-effective, field-proven ultra-high-rate network traffic monitoring, analytics, and digital forensics platform. TDAC ingests and analyses millions of events per second, including network flow data, IDS alerts and system logs, enhancing data with global threat intelligence (including IP reputation, threat classification, geo-location), partitioning and pre-analysing data for rapid sub-second query by Incident Response and Forensics teams.
Typically deployed on networks running at multiple 100Gbps, TDAC provides dashboards and query widgets for network performance visualisation and anomaly detection, a REST API interface for integration with other automated tools and a Kafka interface for third-party streaming analytics tools.
TDAC scales horizontally according to the resources allocated to it and can retain data for months across petabyte storage. The TDAC UI and REST API incorporate features to accelerate turning this huge volume of raw data into actionable intelligence, including navigation by preset groupings (such as Application, Service, BotNet, CNI, business area etc.), enrichment with threat classification data, query path tracking (as ‘forensic pathways’) and continuous query analysis, giving sub-second query time.
- National network scale: Total network visibility of threats and performance where previously not
- Low latency query (typically > 1 minute): Works with incident response workflow, allowing rapid response
- Enhances data with IP reputation and geo-location: Reduces analysis time – enables faster response
- User configurable and auto discovered data grouping “entity-sets”
- Reduce background noise and prioritise Infrastructure group, Application, Service, Subnet, BotNet, CNI, business area… Reduce alert fatigue.
- Accelerated cached queries for prioritised data groups: Sub-second detection and analysis for rapid incident response
- Works with Telesoft 2x100G FlowProbe: Immediate access to enhanced analysis above L4 including DNS, SSL and HTTP information, not usually available from standard flow export
- Works with Telesoft CERNE IDS: Access enhanced analysis with IDS alerts and rapid retrieval of
- Configurable user roles, access and dashboards: Have a single tool usable by multiple groups, including incident response, analysis, forensics