Network Security Appliance
Agger physical or virtual probes monitor and analyse all the IT and OT network traffic.
The Agger Network Security Appliance is based upon a physical or virtual network probe and a central server.
The Agger Network Security Appliance can be integrated with all the other complementary Agger modules or with an external SIEM.
How does it work?
To create models and detect any kind of anomaly, the NSA module monitors and analyses all the IT and OT network traffic from layer 2 to layer 7 of the OSI stack using machine learning algorithms.
Artificial Intelligence algorithms can create different maps for different operational conditions in order to maximize detection accuracy.
The probes also have rule-based IDS capabilities and can generate Netflow logs.
The central console manages all the probes and lets you access, visualize and analyse all the data collected, which is displayed through a modern graphical interface.
What are the advantages?
Available as a physical or virtual machine
Secure all communication and infrastructures designed for Internet deployment
Automatic updates of all the probes.
Full management through the central server
Type of data gathered
ISO/OSI layers 2 to 7
Generator of Log 3 Netflow
Communications contained in IT and OT
Passive stateful analysis of the network’s traffic
Intrusion detection rules for IT and OT traffic
Threat intelligence IoC research
Machine Learning algorithms for Netflow logs analysis, DNS traffic analysis, HTTP/HTTPS analysis
Traffic modelling and classification
Detection of all anomalies based on communication behaviour
Generation of TCP packets with the reset flag set
Orchestration of third-party devices
Full remediation using Agger Endpoint Detection and Response
Graphical analysis of the real-time traffic
Graphical analysis of Machine Learning Models
Analysis of past traffic logs
“Push” and “Pull” instrumentation of third-party devices through API or SNMP, fully scriptable in Lua
Integrable with external SIEMs