Network Security Appliance
Agger physical or virtual probes monitor and analyse all the IT and OT network traffic.
The Agger Network Security Appliance is based on physical or virtual network probes and a central server.
Agger Network Security Appliance can be integrated with all the other complementary Agger Modules or with an external SIEM.
How it Works
The NSA module monitors and analyses all IT and OT network traffic from layer 2 to layer 7 of the OSI stack, using machine learning algorithms to create models and detect any kind of anomaly.
The Artificial Intelligence algorithms can create different maps for different operational conditions in order to maximize the detection accuracy.
The probes also have rule-based IDS capabilities and can generate NetFlow logs.
The central console is used to manage all the probes and to access, visualize and analyse all the collected data through a modern graphical interface.
Physical or virtual machine.
Secure communication infrastructure designed for Internet deployment.
Probe automatic update.
Management through the central server.
Type of data gathered
Layer 2 to layer 7.
Layer 3 Netflow logs generator.
IT and OT content of communications.
Passive stateful analysis of network traffic
Intrusion detection rules for IT and OT traffic
Threat intelligence IoC research
Machine Learning algorithms for NetFlow log analysis, DNS traffic analysis, HTTP/HTTPS analysis
Traffic modelling and classification
Anomaly detection based on communication behaviour
Generation of TCP reset flagged packets
Orchestration of third-party devices
Full remediation using Agger Endpoint Detection and Response
Graphical analysis of real time traffic
Graphical analysis of Machine Learning Models
Traffic log analysis
Fully scriptable (Lua) “Push” and “Pull” orchestration of third-party devices through API or SNMP
Integrable with external SIEM