AIMon for Enterprises

DEEP PACKET INSPECTION ENGINE

Cyber-Security

AIMon can detect and classify known malicious network activities by monitoring for malware and phishing websites. Network traffic is correlated with known indicators of compromise (IOCs) from threat intelligence feeds, such as domains, IP addresses, URLs, TLS certificates and JA3 fingerprints. Attack signatures can also be applied to the traffic. Our engine comes with a converter to transform existing Snort and Suricata rules seamlessly without performance degradation.

Analytics

AIMon provides powerful insights to identify suspicious traffic; long flows, expired certificates, and high-usage patterns are some of the triggers for further investigation. By tapping into the power of deep learning, AIMon can identify algorithmically generated domains that are used for nefarious purposes. With built-in functionality to record traffic, further analysis and investigation are made easier.

Policy Enforcement

AIMon provides granular control over network traffic for policy enforcement, enabling identification and management of applications, access control based on user identity, and real-time threat detection and mitigation.

Bandwidth Management

AIMon facilitates bandwidth management through traffic prioritisation, Quality of Service (QoS) enforcement, and bandwidth throttling, ensuring optimal performance for critical applications, equitable distribution of resources, and prevention of network congestion and abuse.

Features


We foster a culture of collaboration, leveraging the diverse expertise of our team and forging partnerships with customers to achieve shared success in combating network and cyber threats.

Deployment


  • Inline or passive (port mirroring or tap) probe.
  • Can be deployed as a virtualised solution in all major cloud providers as well as a local virtual machine image or Docker.
  • Support for a variety of packet capture cards.

Inline Capabilities


  • Ability to block traffic by:
    • Application
    • Content category
    • Custom signature matching
  • Ability to shape traffic with a configurable rate per policy.

Export Capabilities and Formats


  • Real-time logging of Internet Protocol Detail Records (IPDR) in CSV and JSON format.
  • Streaming of flows over IPFIX, Kafka and syslog.

High-Resolution Visibility


  • Over 60k protocol and application signatures together with a powerful classification engine to provide a granular view of traffic usage.
  • Identification of services like VoIP, chat and file transfer within complex applications like OTT apps.
  • Automatic decapsulation of all tunnels (GTP, L2TP, GRE, IPv6-in-IPv4, Teredo etc.).
  • Traffic classification into IAB groups (Government, Gambling, Social etc.).
  • Ability for users to load their custom signatures as well as to develop and load their own modules.

Guaranteed Performance and Scalability


  • Real-time analysis of flows up to 80 Gbps for inline probe.
  • Real-time analysis of flows up to 120 Gbps for passive probe.
  • Range of probes from 1U to 2U.
  • Performance is tested with all features enabled.
  • Advanced telemetry to monitor the health of the probe and detection KPIs. Telemetry available both as Web API and SNMP.

Advanced features


  • Ability to record and/or forward traffic that matches selected applications.
  • Operates on IPv4 and IPv6 fragmented traffic.
  • Operates on both bidirectional and unidirectional traffic.
  • TLS decryption when decryption keys are provided (offline traces only).
  • Ability to read from offline (PCAP) traces via directory polling.