We spent 15 years developing, honing, and extending a NIDS platform, which resulted in our own Panoptic Sensor® and Panoptic SIEM®.
The Panoptic Sensor® and Panoptic SIEM® are included, license-free, with the onShore Panoptic Cyberdefense® SOC service suite.
Coupled with Panoptic Cyberdefense®, our sensor provides powerful detection at the perimeter, laterally within your network, and in your cloud workloads.
The onShore Security Panoptic Sensor® is one of the most advanced network sensors in the industry, with direct-driver memory access for real-time processing. It combines network IDS with log analysis, anti-malware, host detection systems, and further system correlation into one of the most advanced detection systems available. It also serves as the on-premises or virtual log collector for the cloud-based Panoptic SIEM.
The onShore Panoptic Sensor differs from most in that parallel sensor algorithms allow correlation rules to be created at the sensor, so that actionable events are identified before they reach the SIEM. All network data, security data, and log data are fed into the sensors. Tuning at the sensor can be integrated with threat-hunting exercises for further gains in accuracy. We don't squelch non-threat events but rather incorporate them into a true picture of your network, so anomalies are found and APTs are detected sooner. Additional sensor features include machine-learning malware detection, producer/consumer ratio alerting, host behavior profiling, DNS sinkholing, SNMP trap capture, and syslog capture.
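As an added illustration of the producer/consumer ratio alerting and host behavior profiling named above (example code written for this page, not onShore's sensor code), the following computes each host's PCR from constructed flow records and flags hosts that drift toward "producer" relative to a hypothetical profiled baseline:

```python
from collections import defaultdict
from typing import NamedTuple

class Flow(NamedTuple):
    src: str        # host being profiled
    dst: str
    bytes_out: int  # bytes src sent to dst
    bytes_in: int   # bytes src received from dst

# Constructed sample flow records; not captured from any real network.
SAMPLE_FLOWS = [
    Flow("10.0.1.15", "93.184.216.34", 4_200, 1_850_000),   # workstation browsing
    Flow("10.0.1.15", "10.0.0.5", 12_000, 900_000),          # pulling files from server
    Flow("10.0.1.22", "203.0.113.9", 3_100_000, 48_000),     # workstation pushing data out
    Flow("10.0.1.22", "10.0.0.5", 5_000, 700_000),
    Flow("10.0.0.5", "10.0.1.15", 900_000, 12_000),          # file server serving
]

# Hypothetical per-host baseline PCR learned from earlier host-behavior profiling:
# workstations normally consume (near -1), servers normally produce (near +1).
BASELINE_PCR = {"10.0.1.15": -0.9, "10.0.1.22": -0.9, "10.0.0.5": 0.9}

def producer_consumer_ratio(bytes_out: int, bytes_in: int) -> float:
    """PCR in [-1, +1]: -1 is a pure consumer, +1 a pure producer."""
    total = bytes_out + bytes_in
    if total == 0:           # idle host: neither producer nor consumer
        return 0.0
    return (bytes_out - bytes_in) / total

def host_pcr(flows):
    """Aggregate flows per source host and return {host: (pcr, total_bytes)}."""
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        totals[f.src][0] += f.bytes_out
        totals[f.src][1] += f.bytes_in
    return {h: (producer_consumer_ratio(o, i), o + i) for h, (o, i) in totals.items()}

def pcr_alerts(flows, baseline, max_drift=0.5, min_bytes=1_000_000):
    """Flag hosts whose PCR drifted toward 'producer' by more than max_drift
    from their baseline while moving at least min_bytes (suppresses low-volume noise)."""
    alerts = []
    for host, (pcr, total) in host_pcr(flows).items():
        if host not in baseline or total < min_bytes:
            continue         # unprofiled or low-volume hosts are left to profiling
        drift = pcr - baseline[host]
        if drift > max_drift:
            alerts.append((host, round(pcr, 3), round(drift, 3)))
    return alerts
```

Calling `pcr_alerts(SAMPLE_FLOWS, BASELINE_PCR)` returns only the workstation at 10.0.1.22, whose ratio flipped from consumer to producer while moving several megabytes.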
Panoptic Sensors are typically sized to take full packet captures, not just NetFlow, with up to 2 days of buffer, empowering our analysts to investigate threats and anomalies that others can't.
Using multiple parallel sensor processes, the onShore Panoptic Sensor collects full packet captures from your network and identifies threats, anomalies, and compliance violations.
Logs can be accepted from almost any source, even if they are not in syslog format or are obtainable only by API. This avoids vendor lock-in and incompatible systems.
Our sensors include multiple 10Gb ports optimized for high-volume traffic. We start with 1TB of storage and upgrade to whatever capacity is needed to hold 2 days of look-back packet capture. And we always deploy in HA pairs.
We include machine-learning malware detection at the network level so you can enhance your host-based anti-malware.
Tuning only at the SIEM level leaves a gap. We add tuning at the sensor level for greater anomaly detection with fewer false positives.
Our own 15-year banking signature database, coupled with multiple proprietary feeds and rules customized for you, provides in-depth data for our analysts to work with.