Cloud Security Startup ProtectWise Creates Network DVR To Analyze Threats

MojoKid writes: A Denver-based security startup called ProtectWise has a rather interesting twist on a security as a service platform that also incorporates an innovative threat detection and management user interface. The ProtectWise security platform runs on a cloud-based infrastructure that currently utilizes Amazon AWS for storage and processing. ProtectWise is an all software solution comprised of a "Cloud Network DVR" platform made-up of virtual cameras in the cloud that record all traffic on the network. The sensors (12MB install package) record all network traffic wherever they're installed and stream it up to the ProtectWise platform where it is securely stored and the threat analysis is performed. The sensors can be configured with profiles to capture just light metadata like netflow or headers (source, destination etc.) all the way to the full payload. You can then playback the traffic from the ProtectWise cloud analytics platform, going months back if needed, and analyze the data for threats. You can go back in time and see if, where and how you've been compromised retrospectively. There's also a ProtectWise HUD that visualizes and renders network threat location and progression, allowing you to make better use of all the data recorded. It has a 'KillBox' that visually shows attack event progression across the network area. The only question has to do with compliance for financial applications since it is cloud-based. Currently, ProtectWise has 100 or so deployments of its product in the market with customers like Netflix, Hulu, Expedia, Pandora and Universal Music.

The only question has to do with compliance

[turkeydance]

no. not the only.

Re:The only question has to do with compliance

[ls671]

Agreed, sending your protected LAN traffic and what not to the cloud. What could possibly go wrong?

As a matter of fact, our current security setup wouldn't even allow the data to be sent.

Re: The only question has to do with compliance

[ls671]

The concern for everybody is that it has to be decrypted at some point to be able to analyze the traffic and it would be decrypted outside your premises where you have no control. Heck you would even need to encrypt it with a public key for which you have no control over the matching private key!!!

And guess what? The other runs on the cloud! This all sounds great to me.

retro-spec

[turkeydance]

horse leaves barn.

Doesn't seem to have much to do with security

[fustakrakich]

...with customers like Netflix, Hulu, Expedia, Pandora and Universal Music...

It looks more like a geo-location service and VPN/Tor detector

Cloud Cloud Cloud Cloud

[SuperKendall]

Confused, where are they putting all the software again?

Re:Cloud Cloud Cloud Cloud

[xxxJonBoyxxx]

>> The sensors (12MB install package) record all network traffic wherever they're installed and stream it up to the ProtectWise platform

Cool, so I just install this on my router and...

>> Well, you can't install it there. Try a spanning port and set up a completely separate box to run our "sensor"

And how is this better than Snort from 2000 or so?

>> F***!

Re: Cloud Cloud Cloud Cloud

[xanthos]

Phffftt. 12MB! Is this thing written in Java? NetCat is only a couple of hundred bytes.

Re:Cloud Cloud Cloud Cloud

[Nunya666]

Right, and you're monitoring your network's (say) 10000 packets/sec link and UPLOADING that data duplicate at 10000 packets/sec to this Cloud service. May work at 100Mbs, not likely to work at 1Gbs. Oh yeah - compression - yeah that solves everything - and latency never matters.

How do startups succeed in getting headlines with ideas that can never work in the real world?

One of our networking guys told me we can't even monitor our network traffic for a single day because the volume would quickly fill our multi-terabyte SAN. Granted, we're a largish company with 350+ users at our corporate office, but still.

Maybe their service is geared towards smaller shops that would have smaller traffic volumes. But then how would smaller shops have the bandwidth for this service? I don't get it.

A private NSA competitor

[taniwha]

So now we have private companies setting up gross hoovering of network traffic worldwide - listening in to all the world's net traffic.

Why was it the powers that be want to get rid of good encryption again? certainly not to protect my credit card data when I buy stuff.

The time for crypto everywhere is now!

Re:A private NSA competitor

[transporter_ii]

Yes. Nothing screams security like copying every packet that crosses your LAN and storing it into the *cloud* somewhere. This is an NSA wet dream. They don't even have to take up their own drive space to store every packet, just get a warrant (hahaha) and get the data from Amazon.

Spam?

How do I disable targeted ads, masquerading as articles?

Hey, kids!

[kheldan]

Now you too can have your own little NSA! Spy on your network just like the big boys!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Woah Nelly!

[TheRealHocusLocus]

Does it come in a cereal box?

No, it comes in it's own damned planet. A planet like ours but much bigger, whose inhabitants have dedicated all their time and resources to the task of storing our planet's data streams so highly paid net-nerds can surround themselves with 'real time threat displays' while making knowing grunts of surprise, and giving tours of the NOC to doe-eyed CEOs, meanwhile getting zero productive work done..

Ping traffic (admin scripts and and early DDOS) sometimes grabbed 50% of all network traffic.
Email spam (in the days of open relays) at times comprised 50% of all traffic.
Netflix and Youtube video streaming now comprise 250% of all traffic.
Cloud service load balancing and proxy mechanisms use 150% of available backbone networks.
Cloud virtual process space sharing, where the same 'Hello World' apps bounce back and forth for no earthly reason, use a mere 100%.
The loading of ridiculously massive JPG images into tiny rectangles on webpages (with smart phones some now exceed 1000dpi) comprises 130% of all traffic.
People accessing web services that give real-time charts and summaries of traffic, use another 300% of all available bandwidth.
Now, net-nerds are going to use the cloud to duplicate the cloud so they can play it all back later. 200%.
Some 'net DVRs' will be installed on networks that already have one, to monitor (and capture) the copies of DVR data streams. 400%.
Two networks will try to DVR each other, resulting in a 'race condition to the finish' (Infinity%)

The network statistics shown above were obtained from Netcraft, by hacking into their website and placing them there.

Re:Tortured analogy...

[amiga3D]

That's what I was thinking. It's a fucking system to log traffic! What genius! How unique! They should quickly patent this.

Re:Tortured analogy...

[Nunya666]

I thought it meant a shared TiVo or cloud storage of traffic cameras or some bizarre thing like that. No, it just fucking logs packets.

I came here to say the same thing. I guess I'll go back to what I was doing. Which is nothing.

Re:Woah

[nazsco]

in journalism parlance this is called "reheating a press release".

in extremely slow days, the journalist, in this case a slash dot editor, just gets a press release that are sent to newspapers in troves every day, and publish as an original article.

nowadays you can see the same paragraphs in several tech sites and blogs because they all just reheat the same press release.

it's exactly the kind of thing that makes regular news suck, and what made slash dot meaningful in the past. now that this reached here, we all can leave.