Data Surveillance Solution

 
 

A Data Surveillance Solution (DSS) provides visibility into the critical data traversing the network. This data can be either data in motion or data at rest. Once the critical data is recognized, the data collection solution must be able to acquire it, detect it, and track any movement or anomaly of this critical data throughout the network. To properly understand and classify the data, the DSS must be able to understand data creation and data consumption. This is imperative for analytical purposes, so that any research performed is data dependent. This classification is critical for security-related data, especially in incidents where the data may be stolen, manipulated, or subjected to any form of exfiltration attempt. These attempts may be made by rogue users or admins inside the network, or by outside hackers who impersonate legitimate users.

The DSS uses a triangulation methodology focused on three main principles: Data Awareness, Protocol Awareness, and User Awareness. These principles are combined to establish a dynamic baseline for the data. Subsequent incoming data is then scored and compared against this baseline to detect any security anomalies. This baselining is a key factor in detecting performance issues indicative of a system malfunction or deterioration.

Based on the results of the three main analytical components, the data involved is clustered and analyzed using AI. These clusters are created by scoring/weighting every event along the three axes or factors of analysis: protocol, user behavior, and packet content. Specifically, if an event is determined to behave in an unknown manner when compared to the known behavior of past packets (i.e., signatures/datasets), its score is incremented.

An anomaly/deviance discovered by this process may be related to a security issue of the computer network, a modification of the data, or a performance issue. This deep analytical approach is applied to every data packet on the network. In addition to the deep packet inspection (DPI) performed, the user session is also analyzed using the above scheme, not just the individual packets themselves. The patented baselining and scoring schemas keep the system operational and self-learning with minimal user interaction.
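The three-axis scoring and session-level analysis described above can be sketched as follows. This is an added illustration, not the vendor's patented schema: the weights, the `learn_max` rule, the field names and the sample events are all assumptions made for the example.

```python
from collections import defaultdict

# Assumed equal weights; the page names the three axes but gives no values.
WEIGHTS = {"protocol": 1.0, "user": 1.0, "content": 1.0}

def features(ev):
    """One feature per axis, each tied to the data asset being touched."""
    return {"protocol": (ev["asset"], ev["proto"]),
            "user": (ev["asset"], ev["user"]),
            "content": (ev["asset"], ev["action"])}

class Baseline:
    """Per-axis set of behaviour already observed for each asset."""
    def __init__(self):
        self.seen = {axis: set() for axis in WEIGHTS}

    def learn(self, ev):
        for axis, feat in features(ev).items():
            self.seen[axis].add(feat)

    def score(self, ev):
        """Add the axis weight for every axis on which the event is unknown."""
        return sum(WEIGHTS[a] for a, f in features(ev).items()
                   if f not in self.seen[a])

def score_sessions(baseline, events, learn_max=1.0):
    """Sum event scores per session; absorb small deviations into the baseline."""
    totals = defaultdict(float)
    for ev in events:
        s = baseline.score(ev)
        totals[ev["session"]] += s
        if s <= learn_max:  # assumed rule: drift on at most one axis is learned
            baseline.learn(ev)
    return dict(totals)

def mk(session, user, proto, action, asset="payroll.db"):
    return dict(session=session, user=user, proto=proto, action=action, asset=asset)

# Constructed sample events, not real traffic.
HISTORY = [mk("s1", "alice", "tds", "read"), mk("s2", "bob", "tds", "read"),
           mk("s3", "alice", "tds", "update")]
LIVE = [mk("s4", "alice", "tds", "read"), mk("s5", "carol", "tds", "read"),
        mk("s6", "dave", "ftp", "bulk_export"),
        mk("s6", "dave", "ftp", "bulk_export"), mk("s7", "carol", "tds", "read")]

def run_demo():
    baseline = Baseline()
    for e in HISTORY:
        baseline.learn(e)
    return score_sessions(baseline, LIVE)

if __name__ == "__main__":
    print(run_demo())
```

Session `s6` deviates on all three axes in both of its events, so its total stands out, while the new user in `s5` is a single-axis deviation that is absorbed into the baseline and scores zero when seen again in `s7`.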

Track everything inside.