Solera DeepSee, powered by SoleraSix, allows you to respond swiftly and efficiently to any security event, unlocking captured network traffic data to get the answers you need.

DeepSee Dashboard

DeepSee Dashboard gives you the freedom to create customized views for your different workflows. You can start with the pre-built defaults and modify them, or create your own by adding new report widgets that display summary data as a table or as a pie, bar, or column chart. Drag and drop widgets to create your preferred view. No matter your preference, the summary view gives you complete situational awareness in a single view.

Actions and Alerts

The DeepSee Actions and Alerts engine allows security professionals to automate notification of targeted events in real-time. Actions can be created for suspicious, malicious, or prohibited behavior and the analyst will be notified immediately upon rule trigger.

The DeepSee Actions and Alerts engine enables analysts to automate common tasks such as checking for traffic against a list of known bad sites, notification of unknown applications on the network, or alerting to the presence of encrypted traffic on non-standard encrypted ports. Automating the execution of certain established workflows saves valuable time, and real-time alerts enable instant response and swift resolution to security events.

Reporting

Every second matters when battling network security threats. DeepSee Reports allows you to pivot instantly from the summary view to a full report on any network activity recorded by Solera DeepSee. DeepSee Reports delivers instant and accurate information giving you the freedom to work with results the moment they are returned and allowing you to respond to incidents as they unfold. Sample reports include Applications, Email Sender/Receiver, Social Persona, File Names, IPv4 Source / Destination, HTTP Referrer, and many more.

Root Cause Explorer

Root Cause Explorer is the incident responder “Easy Button.” Using extracted network objects, the tool reconstructs a timeline of suspect web sessions, emails, and chat conversations. By automatically enumerating these events, Root Cause Explorer helps the analyst to quickly identify the source of an infection or compromise and reduces time-to-resolution.

Reputation Services

Solera DeepSee integrates with freely available and commercial reputation and malware feeds. With a simple right-click, the analyst can check the integrity and reputation of any URL, IP address, file hash, or email address against multiple services at once. Current integrations include ISC/SANS, VirusTotal, and ClamAV, and more are being added regularly.

Extractions and Artifacts

DeepSee reconstructs recorded network traffic into the original documents, images, messages, and files that traversed the network, making full event reconstruction possible with impressive speed. Every packet is recorded, classified, and indexed, making quick discovery, reconstruction, and delivery of files in their original formats easy and intuitive. Reconstruct email attachments, Windows file transfers, PDF, Word, PowerPoint, Excel, and more, giving you full visibility into everything on your network.

In the object timeline view, the analyst can easily track file trends. Show all activity over time for a single user or all file-type activity over time for all users.

Web, Email, and Chat Reconstruction

See the web page as the user saw it. Review IM and email conversations for clues to identify the source of a security event. Because Solera DS Appliances capture every packet crossing your network, Solera DeepSee is able to reconstruct the historical view of web pages, not just provide a link to today’s current view. Many of today’s threats begin with a compromised website or a malicious link in an email or IM. Trace the threat back to its origin and view exactly what a user saw or clicked on.

Media Panel

Nothing tells a story like a picture. When it comes to enforcing acceptable use policies, Media Panel lets you quickly view every image that crosses your network and more importantly, helps you identify who is viewing those images.

Favorites and Groups

Just like saving favorites in your browser, DeepSee lets you save custom search queries or filters for future use. Quickly execute popular searches to uncover common threats, malware, or suspicious traffic. Import lists of open source or internally generated threat data to use in searches throughout DeepSee to identify, correlate, and corroborate suspicious events or behavior. You can also pre-define criteria for active surveillance on an individual, server, or any network segment.

Once a favorite is defined, it can be used anywhere in DeepSee by entering its name in the filter bar. Solera DeepSee includes many pre-configured common Favorites, which you can use as templates to customize and view quick and accurate results.

Metadata Retention

In addition to storing many days of full packet data for complete near-term analysis, security and incident responders prefer long-term trend analysis on network traffic to evaluate anomalous or suspicious behavior. Unfortunately, storing a full year of full packet data is often not realistic given the amount of storage required. With Configurable Metadata Retention, analysts can devote a portion of storage in a DS Appliance to full-packet capture and another portion to metadata storage. This allows an analyst to optimize their system to retain an appropriate window of full-packet data, maybe a week’s or a month’s worth, while still allowing them to maintain a year’s worth of network metadata for long-term trending analysis.

PCAP Import

PCAP Import allows the user to import data into DeepSee for analysis using the same rich toolset as if the Solera DeepSee Appliance directly captured the data. Data can be imported from any industry standard PCAP file. PCAP Import is a great tool for analyzing historical data, comparing captured data to a “known good” baseline, and playing captures back onto the wire to verify the effectiveness of remediation measures and policy enforcement tools.

Geolocation

With DeepSee Maps and Google® Earth integration you have an unprecedented view of the origin and destination for all network traffic. Identify patterns and concentrations of traffic traveling to and from non-traditional locations. Zoom in on specific paths and flag IP addresses, locations, or even countries that come across as suspicious. View abnormal traffic patterns, reducing your time to resolution, and export any network traffic as a .kml file to import directly into Google Earth.

Packet Analyzer

No need to transfer huge PCAP files over the network. DeepSee includes a full-featured packet analyzer integrated into the web interface. With the Wireshark filter syntax, you’ll never have to leave the DeepSee UI to conduct your deep analysis. Filtered results are always one click away.

Auto Complete

Not sure how to structure a query in DeepSee? Auto complete gives you a head start for creating effective search or display filters. For example, start typing “ipv” and you will be presented with proper search syntax options like ipv4_destination, ipv4_initiator, ipv4_responder, etc., allowing you to get the results you want quickly.