Slashdot Mirror


Cloud Security Startup ProtectWise Creates Network DVR To Analyze Threats (hothardware.com)

MojoKid writes: A Denver-based security startup called ProtectWise has a rather interesting twist on a security-as-a-service platform that also incorporates an innovative threat detection and management user interface. The ProtectWise security platform runs on a cloud-based infrastructure that currently utilizes Amazon AWS for storage and processing. ProtectWise is an all-software solution comprised of a "Cloud Network DVR" platform made up of virtual cameras in the cloud that record all traffic on the network. The sensors (12MB install package) record all network traffic wherever they're installed and stream it up to the ProtectWise platform where it is securely stored and the threat analysis is performed. The sensors can be configured with profiles to capture just light metadata like netflow or headers (source, destination etc.) all the way to the full payload. You can then play back the traffic from the ProtectWise cloud analytics platform, going months back if needed, and analyze the data for threats. You can go back in time and see if, where and how you've been compromised retrospectively. There's also a ProtectWise HUD that visualizes and renders network threat location and progression, allowing you to make better use of all the data recorded. It has a 'KillBox' that visually shows attack event progression across the network area. The only question has to do with compliance for financial applications since it is cloud-based. Currently, ProtectWise has 100 or so deployments of its product in the market with customers like Netflix, Hulu, Expedia, Pandora and Universal Music.

41 comments

  1. Woah by Anonymous Coward · · Score: 0

    Security as a service platform, innovative, cloud based infrastructure, CLOUD NETWORK DVR virtual cameras, light metadata, playback, cloud analytics platform, back in time, K-K-K-ILLBOX!

    Does it come in a cereal box?

    1. Re:Woah by nazsco · · Score: 1

      in journalism parlance this is called "reheating a press release".

      on extremely slow days, the journalist, in this case a slash dot editor, just gets one of the press releases that are sent to newspapers in droves every day, and publishes it as an original article.

      nowadays you can see the same paragraphs in several tech sites and blogs because they all just reheat the same press release.

      it's exactly the kind of thing that makes regular news suck, and what made slash dot meaningful in the past. now that this reached here, we all can leave.

  2. Looks like you get new vulnerabilities for old by Anonymous Coward · · Score: 0

    It might be an excellent system but even if it is you are still adding several new points of failure outside your control to your security.

    1. Re:Looks like you get new vulnerabilities for old by Anonymous Coward · · Score: 0

      I'm totally volunteering to offer Gold Bullion, hookers, and cocaine storage as a service. I'll call this new invention: banking.

  3. The only question has to do with compliance by turkeydance · · Score: 1

    no. not the only.

    1. Re:The only question has to do with compliance by ls671 · · Score: 1

      Agreed, sending your protected LAN traffic and what not to the cloud. What could possibly go wrong?

      As a matter of fact, our current security setup wouldn't even allow the data to be sent.

      --
      Everything I write is lies, read between the lines.
    2. Re: The only question has to do with compliance by Anonymous Coward · · Score: 0

      Ever heard of encryption or is that too complicated a topic right now? Thought so.

    3. Re: The only question has to do with compliance by ls671 · · Score: 1

      The concern for everybody is that it has to be decrypted at some point to be able to analyze the traffic and it would be decrypted outside your premises where you have no control. Heck you would even need to encrypt it with a public key for which you have no control over the matching private key!!!

      And guess what? The other runs on the cloud! This all sounds great to me.

      --
      Everything I write is lies, read between the lines.
  4. retro-spec by turkeydance · · Score: 1

    horse leaves barn.

  5. Doesn't seem to have much to do with security by fustakrakich · · Score: 3, Insightful

    ...with customers like Netflix, Hulu, Expedia, Pandora and Universal Music...

    It looks more like a geo-location service and VPN/Tor detector

    --
    “He’s not deformed, he’s just drunk!”
    1. Re: Doesn't seem to have much to do with security by Anonymous Coward · · Score: 0

      This one exactly. When all traffic is recorded I can track a few bytes from source to destination without knowing what is in them. Actually I'll know what's in them at the destination

  6. Cloud Cloud Cloud Cloud by SuperKendall · · Score: 1

    Confused, where are they putting all the software again?

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Cloud Cloud Cloud Cloud by xxxJonBoyxxx · · Score: 2

      >> The sensors (12MB install package) record all network traffic wherever they're installed and stream it up to the ProtectWise platform

      Cool, so I just install this on my router and...

      >> Well, you can't install it there. Try a spanning port and set up a completely separate box to run our "sensor"

      And how is this better than Snort from 2000 or so?

      >> F***!

    2. Re:Cloud Cloud Cloud Cloud by Anonymous Coward · · Score: 0

      Right, and you're monitoring your network's (say) 10000 packets/sec link and UPLOADING that data duplicate at 10000 packets/sec to this Cloud service. May work at 100Mbs, not likely to work at 1Gbs. Oh yeah - compression - yeah that solves everything - and latency never matters.

      Some things need to stay local - just because - physics n stuff

    3. Re: Cloud Cloud Cloud Cloud by xanthos · · Score: 1

      Phffftt. 12MB! Is this thing written in Java? NetCat is only a couple of hundred bytes.

      --
      Average Intelligence is a Scary Thing
    4. Re:Cloud Cloud Cloud Cloud by Nunya666 · · Score: 1

      Right, and you're monitoring your network's (say) 10000 packets/sec link and UPLOADING that data duplicate at 10000 packets/sec to this Cloud service. May work at 100Mbs, not likely to work at 1Gbs. Oh yeah - compression - yeah that solves everything - and latency never matters.

      How do startups succeed in getting headlines with ideas that can never work in the real world?

      One of our networking guys told me we can't even monitor our network traffic for a single day because the volume would quickly fill our multi-terabyte SAN. Granted, we're a largish company with 350+ users at our corporate office, but still.

      Maybe their service is geared towards smaller shops that would have smaller traffic volumes. But then how would smaller shops have the bandwidth for this service? I don't get it.

  7. A private NSA competitor by taniwha · · Score: 2

    So now we have private companies setting up gross hoovering of network traffic worldwide - listening in to all the world's net traffic.

    Why was it the powers that be want to get rid of good encryption again? certainly not to protect my credit card data when I buy stuff.

    The time for crypto everywhere is now!

    1. Re:A private NSA competitor by Anonymous Coward · · Score: 0

      As long as Denver is in the US, I'm not touching it with a pole longer than the Atlantic is wide. The data of Americans isn't well protected by law, much less in practice, but data of foreigners has no rights at all, by law.

    2. Re:A private NSA competitor by transporter_ii · · Score: 1

      Yes. Nothing screams security like copying every packet that crosses your LAN and storing it into the *cloud* somewhere. This is an NSA wet dream. They don't even have to take up their own drive space to store every packet, just get a warrant (hahaha) and get the data from Amazon.

      --
      Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
  8. Spam? by Anonymous Coward · · Score: 1

    How do I disable targeted ads, masquerading as articles?

    1. Re:Spam? by Anonymous Coward · · Score: 0

      Stop reading Slashdot.

    2. Re: Spam? by Anonymous Coward · · Score: 0

      find a way to filter out mojokid

  9. Hey, kids! by kheldan · · Score: 2

    Now you too can have your own little NSA! Spy on your network just like the big boys!

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    1. Re:Hey, kids! by Anonymous Coward · · Score: 0

      Hey, it's been available as a hardware based "security" option for years, with much better traffic re-assembly and frighteningly effective capabilities for man-in-the-middle features for SSH and SSL traffic. It was designed by Sandstorm Enterprises, and is now sold by Niksun.

      https://www.securitywizardry.c...

      Sandstorm Enterprises also made the best war dialer ever, "for modem security sweeps". And if you believe that was its major use, I've got some swampland in Florida guaranteed against global warming, too.

    2. Re:Hey, kids! by Anonymous Coward · · Score: 0

      Not just like the big boys, your data is directly stored at the big boys. Clever, the start-up doesn't have to pay for storage this way.

    3. Re:Hey, kids! by Anonymous Coward · · Score: 0

      We already do! In fact, almost every large company does! and we don't even have to share the data with a 3rd party (and I don't see why anyone would)!

  10. Go pig yourself, social media. by Anonymous Coward · · Score: 0

    Some say the best talents have no name. Since I don't know who said that, I picture it must be the best of the minds.

  11. Interesting concept... by Anonymous Coward · · Score: 0

    I had a similar idea 20 years ago. Capture/record a signal stream and use it later. Should've patented it.

  12. Slashvertisement by Anonymous Coward · · Score: 0

    How much did they pay for this ad on /.?

    And what's with the retarded "DVR" and "virtual cameras in the cloud" bullshit? It's called a packet sniffer. The only "news" here is that the mirror is streamed to a remote server for analysis, apparently to no advantage whatsoever.

  13. Comment removed by account_deleted · · Score: 3, Interesting

    Comment removed based on user account deletion

  14. Packetsled by Anonymous Coward · · Score: 0

    I'd put my money with https://packetsled.com, similar pitch, better functionality

    1. Re:Packetsled by Anonymous Coward · · Score: 0

      Or open source moloch (https://github.com/aol/moloch)

  15. This isn't banking, or even close by Anonymous Coward · · Score: 0

    Physical artefacts do not behave the same way as digital information, you know when the former is stolen. Security of your inner network is not the same as storage of interchangeable items like money, if you put money in a bank and it gets stolen later you don't lose anything so long as the bank remains solvent. Banking moves the target outside of your control and outside of your responsibility, this does neither at best it adds a few more locks, but also more possibly unguarded doors. In fact I am struggling to see exactly what you are trying to imply...

  16. Woah Nelly! by TheRealHocusLocus · · Score: 1

    Does it come in a cereal box?

    No, it comes in its own damned planet. A planet like ours but much bigger, whose inhabitants have dedicated all their time and resources to the task of storing our planet's data streams so highly paid net-nerds can surround themselves with 'real time threat displays' while making knowing grunts of surprise, and giving tours of the NOC to doe-eyed CEOs, meanwhile getting zero productive work done.

    Ping traffic (admin scripts and early DDOS) sometimes grabbed 50% of all network traffic.
    Email spam (in the days of open relays) at times comprised 50% of all traffic.
    Netflix and Youtube video streaming now comprise 250% of all traffic.
    Cloud service load balancing and proxy mechanisms use 150% of available backbone networks.
    Cloud virtual process space sharing, where the same 'Hello World' apps bounce back and forth for no earthly reason, use a mere 100%.
    The loading of ridiculously massive JPG images into tiny rectangles on webpages (with smart phones some now exceed 1000dpi) comprises 130% of all traffic.
    People accessing web services that give real-time charts and summaries of traffic, use another 300% of all available bandwidth.
    Now, net-nerds are going to use the cloud to duplicate the cloud so they can play it all back later. 200%.
    Some 'net DVRs' will be installed on networks that already have one, to monitor (and capture) the copies of DVR data streams. 400%.
    Two networks will try to DVR each other, resulting in a 'race condition to the finish' (Infinity%)

    The network statistics shown above were obtained from Netcraft, by hacking into their website and placing them there.

    --
    <blink>down the rabbit hole</blink>
    1. Re: Woah Nelly! by Anonymous Coward · · Score: 0

      Hahahahahanahaha

  17. someone doesn't understand big words by Anonymous Coward · · Score: 0

    There is no such thing as "comprised of". There is "comprises", which means "composed of", which is what you should have used.

    1. Re: someone doesn't understand big words by Anonymous Coward · · Score: 0

      Someone forgot they apparently don't know english as well. That's not comprising enough.

  18. Re:Tortured analogy... by amiga3D · · Score: 1

    That's what I was thinking. It's a fucking system to log traffic! What genius! How unique! They should quickly patent this.

  19. All New? by Anonymous Coward · · Score: 0

    Distributed network DVRs aren't new at all. See:

    Network Flight Recorder
    netsniff-ng
    WildPackets
    cPacket
    OpenFPC
    Snort
    Security Onion...

    I guess that these don't have the new ultra secure Cloud feature that makes all the difference. They also lack apps. I'll admit that the egregious omission of apps makes them ludicrously poor options. Everyone knows that you can't have security without cloud apps, because apps are security and cloud makes it so.

    Right?

  20. Re:Tortured analogy... by Nunya666 · · Score: 1

    I thought it meant a shared TiVo or cloud storage of traffic cameras or some bizarre thing like that. No, it just fucking logs packets.

    I came here to say the same thing. I guess I'll go back to what I was doing. Which is nothing.