The Keysight Network Visibility Architecture and the Vectra's threat detection and response platform work together to detect cyberattacks in progress amid the chatter of your network so security teams can quickly mitigate and prevent data loss.
Keysight’s Vision series of Network Packet Brokers (NPBs) passively direct out-of-band network traffic from multiple network access points – like SPANs, taps and virtual taps (vTaps) – to the Vectra platform for inspection and analysis. Traffic is aggregated from all network access points to provide comprehensive visibility.
The Vectra platform collects and stores the right network and cloud metadata and augments it with machine learning to detect all phases of persistent stealthy attacks, including hidden command-and-control communications, internal reconnaissance, botnet monetization, lateral movement and data exfiltration.
By removing duplicate packets, Keysight NPBs can enhance throughput capacity.
The automation capability in the Keysight Visibility Architecture integrates seamlessly with Vectra to enable a wide range of applications, including:
Load-balancing traffic across multiple ports
Dynamically tightening filters to ensure that critical transactions are always analyzed when total traffic spikes over 10 Gbps
Redirecting traffic among multiple instances on a network to ensure high availability
Providing complete visibility into east-west traffic from virtual environments An intuitive GUI control panel makes Keysight NPBs easy to set up and use. Simply drag-and-drop a virtual connection between SPANs/taps and the Vectra platform to make a live connection.
Why integrate Keysight with Vectra AI?
Complete visibility into cyberthreats – The Keysight Network Visibility Architecture delivers to the Vectra platform all required traffic from anywhere in the network or cloud; 100% of traffic can be monitored, inspected and analyzed.
Simplified deployment – The Keysight/Vectra solution works flexibly in any network environment and shares access with deployed monitoring and security tools.
Easily scalable – Add additional 1-, 10-, 40-, or 100-gigabit ports as needed and dynamically adjust filters to meet any bandwidth requirements.
Maximum efficiency – The Keysight solution filters and removes unneeded traffic so the Vectra platform always operates at full efficiency.
Keysight’s intelligent visibility solutions complement the Vectra AI platform with fast, easy access to all required traffic anywhere.
The Vectra network detection and response platform delivers high-fidelity security metadata – knowledge of what’s happening in every conversation – enriched with context specific to security applications, such as the names of hosts, existence of beacons and the privilege level of accounts. The genesis of the Vectra platform is based on a simple principle for finding hidden threats: Use an authoritative source of data and seek out the fundamental threat behaviors that cybercriminals can’t avoid when they carry out an attack. The Vectra platform delivers a far more efficient way of analyzing data at scale. Instead of traditional payload inspection, it uses AI, machine learning and behavioral traffic analysis to expose the fundamental behaviors of attackers as they spy, spread, and steal in the network and cloud – even in encrypted traffic.
Keysight directs traffic to the Platform and the Vectra X-series appliance
Keysight’s intelligent visibility solutions complement the Vectra platform with fast, easy access to all required traffic anywhere in your hybrid environment— networks and data centers, or public clouds. The Keysight Vision NPBs simultaneously aggregate traffic from multiple SPANs, taps and vTaps in the network and direct it to Vectra. This ensures efficient access to asymmetric traffic across large heterogeneous networks. Traffic that does not require analysis can be filtered out by the Keysight Visibility Architecture to prevent Vectra's resources from being unnecessarily consumed. With the Keysight Visibility Architecture, traffic from network access points can be shared with multiple monitoring tools. This eliminates common SPAN/tap shortages that occur when another tool is attached to a needed access point. Keysight CloudLens also gathers traffic from public clouds thereby extending visibility into the cloud.