: 25 January 2024

Cysight and Keysight

Predictive AI Cyber and Network Intelligence

The Challenge

Traffic volumes in today’s network are growing exponentially and at the same time, the dynamic nature of software-defined architectures present dual challenges to capturing a full picture of all network packets and then storing and analyzing the data for security and performance analysis. Techniques such as traditional Netflow collection can be used to gather information using fewer resources, however, the granularity and detail of such approaches are insufficient for full visibility.

Integrated Cyber Security and Network Intelligence from Keysight and CySight

The integrated solution from CySight and Keysight eliminates blind spots offering unprecedented network visibility and defense in depth.

Keysight’s Visibility architecture connects across the entire customer network using TAPs, Virtual TAPs, Agents and Packet Brokers and converts raw network data to compact metadata. Using deep packet inspection and intelligence techniques, Keysight generates an enhanced version of Netflow called IxFlow. This IxFlow adds rich metadata fields necessary for effective cybersecurity and performance analysis.

CySight has been integrated with Keysight Visibility to be able to ingest, process, and analyze the rich metadata contained in IxFlow records. Using advanced techniques in machine learning, artificial intelligence and data management CySight architecture scales collection, correlation and retention of these records at the highest scale – ensuring full granularity of analysis and eliminating gaps in information retention.

The richness of the Keysight IxFlow data, combined with the analytics capability of CySight enables sophisticated anomaly detection, threat detection, security forensics, performance monitoring, and traffic accounting capabilities that are not feasible with standard network or Netflow based analysis solutions.

CySight’s tight integration with Keysight’s threat intelligence allows complete forensic investigation of threats such as Randsonware, Trojans, and encrypted traffic that are shown on CySight’s Threat Map.

Keysight IxFlow provides many metadata options that provide extensive Applications Intelligence
metadata from raw network data such as: radius, ssh, ssl, dhcp, http, email, geo location, threat
identification and much more.

Next are just a couple of examples of the many use cases which can be addressed.

Sample Use Case

Challenge: Identifying email-based security concerns

Solution: CySight analyzes email related metadata fields in Keysight IxFlow

Response: Allows discovery of security and compliance related issues hiding in email traffic e.g.;

Email Subjects with large numbers of messages and/or suspicious attachment types are indicators of phishing or malware. When correlated with other fields such as username, geolocation, and threat intelligence such issues can be quickly isolated.
Compliance flags such as forbidden attachment types, excessive numbers of email attachments from a particular source, or sent emails marked ‘Confidential’ from departing employees can be identified.

Sample Use Case

Challenge: Speed of time isolating cyber threats

Solution: Keysight Threat Intelligence plus correlation and reporting in CySight

Response: Keysight Threat Intelligence data exposes details of botnet, malware, hijacks, exploits – which is exported to CySight in IxFlow records. When correlated by CySight with additional IxFlow fields and other metadata, cyber threats can be quickly isolated/mitigated e.g.;

For malware find out not only affected IP address, but which user login and geolocation as well – to quickly triage the issue.
For an exploit identify particular OS, Devices, and Browsers impacted, so that patching can quickly be updated.