DarkSniper Key Benefits

DarkSniper provides proactive, advanced AI technology that maximizes zero-day protection without compromising business productivity. Furthermore, our affordable subscription-based fee offers pricing flexibility and scalability for both large enterprises and SMEs.

▪ Network Traffic Sniffer agent responsible for collecting traffic metadata, which is used as the ML dataset.
▪ Ability to analyze encrypted traffic (without the need to decrypt)
▪ Different up-to-date datasets of ransomware samples to capture ransomware behavior and patterns.
▪ Using deep machine learning to build a model with 95%+ accuracy, high fidelity, and anomaly detection
▪ Complete log records of network traffic
▪ Comprehensive dashboard with full and interactive details.
▪ Real-time threat alerts [zero-day exploit detection, viruses, data loss, DoS, DDoS, etc.] with prioritized risk highlights and instant notifications (email, SNMP, and syslog notifications)
▪ Visual tracking of threats across the network (intelligent visualization)
▪ Powerful automated threat remediation (automated incident response)
▪ Profile Topology with interactive options.
▪ Capability to integrate with security information systems and third-party packet capture solutions, and to offer APIs for custom integration

DarkSniper is a standalone appliance that is deployed smoothly within target networks to collect logs from different network components (Access Switches, Core Switches, Firewalls, Web Proxies, Active Directory, etc.) and analyze them using artificial intelligence. It consists of three main components:

• Log Collectors (Repository)
• Sensors
• Main Appliance/Brain

Sensors are deployed across the network to collect logs (metadata) from specific network segments and then forward them to the main Log Collectors. They may not be needed for small networks with a limited number of IPs. However, Sensors can be dedicated to different purposes based on the complexity of the network. For example, one sensor for web servers/proxies, one for DMZ zones, and others for firewalls or for organization branches.

Log Collectors are centralized appliances that store all logs for further processing and analysis. These appliances should have a clear structure for storing huge volumes of logs, and storage can be split by domain (Firewall, Switch, VPN, etc.) for faster search and correlation later on.
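The sensor-to-collector split described in the two paragraphs above, as an added example (not DarkSniper's own code): a sensor reads only IPv4/TCP headers, so it produces flow metadata without ever touching the (possibly encrypted) payload, and a collector partitions the resulting flow records by domain. The sensor names, the domain mapping, the packets and the feature set are all constructed for this example and are assumptions, not details from the page.

```python
import socket
import struct
from collections import defaultdict

# Assumption for this example: which sensor feeds which collector partition.
SENSOR_DOMAIN = {"dmz-sensor": "dmz", "proxy-sensor": "web-proxy", "fw-sensor": "firewall"}


def build_packet(src, dst, sport, dport, payload_len, flags=0x18):
    """Construct a minimal IPv4/TCP packet with an opaque payload (constructed test data)."""
    total_len = 40 + payload_len
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr + b"\xaa" * payload_len   # payload stands in for ciphertext


def packet_metadata(pkt):
    """Sensor side: parse only the IPv4 and TCP headers; payload bytes are never read."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if (ver_ihl >> 4) != 4 or proto != 6:
        return None  # this example handles IPv4/TCP only
    sport, dport, _, _, off_res, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    tcp_len = (off_res >> 4) * 4
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "sport": sport, "dport": dport, "proto": "tcp",
        "bytes": total_len, "payload": total_len - ihl - tcp_len, "flags": flags,
    }


def aggregate_flows(records):
    """Roll per-packet metadata up into per-flow records keyed by the 5-tuple."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "payload_sizes": []})
    for m in records:
        f = flows[(m["src"], m["dst"], m["sport"], m["dport"], m["proto"])]
        f["packets"] += 1
        f["bytes"] += m["bytes"]
        f["payload_sizes"].append(m["payload"])
    return dict(flows)


def flow_features(flow):
    """Metadata-only features usable in an ML dataset; no decrypted content is needed."""
    sizes = flow["payload_sizes"]
    data_pkts = [s for s in sizes if s > 0]
    return {
        "packets": flow["packets"],
        "bytes": flow["bytes"],
        "max_payload": max(sizes),
        "mean_data_payload": (sum(data_pkts) / len(data_pkts)) if data_pkts else 0.0,
    }


class LogCollector:
    """Collector side: flow records partitioned by domain so search and correlation stay scoped."""

    def __init__(self):
        self.partitions = defaultdict(dict)

    def ingest(self, sensor, flows):
        domain = SENSOR_DOMAIN.get(sensor, "unassigned")
        self.partitions[domain].update(flows)
        return domain

    def search(self, domain, dport=None):
        """Return the 5-tuples stored under one domain, optionally filtered by destination port."""
        return [k for k in self.partitions.get(domain, {}) if dport is None or k[3] == dport]


def demo():
    """Constructed traffic: a TLS-looking handshake on 443 and one SMB-port flow, seen by the DMZ sensor."""
    pkts = [
        build_packet("10.0.1.5", "203.0.113.7", 51000, 443, 0, 0x02),    # SYN
        build_packet("10.0.1.5", "203.0.113.7", 51000, 443, 517),        # ClientHello-sized payload
        build_packet("10.0.1.5", "203.0.113.7", 51000, 443, 0, 0x10),    # ACK
        build_packet("10.0.2.9", "10.0.0.3", 40000, 445, 4096),
    ]
    records = [m for m in (packet_metadata(p) for p in pkts) if m]
    collector = LogCollector()
    collector.ingest("dmz-sensor", aggregate_flows(records))
    return collector


if __name__ == "__main__":
    c = demo()
    for key, flow in c.partitions["dmz"].items():
        print(key, flow_features(flow))
```

The point of the design is that everything downstream (aggregation, features, the collector's per-domain index) operates on header-derived fields only, which is what lets the same pipeline cover encrypted sessions; the collector returns the domain it filed a batch under so a sensor can be checked for misrouting.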

The third appliance is the main one, responsible for the following roles:

• The only way to interact with the Log Appliance.
• Full and interactive dashboard for security analysts.
• An API/interface to Firewalls and Core/Access switches for blocking or enabling access to IPs/Hostnames.
• A configuration interface to configure all necessary settings for the appliance or network components.