The Keysight Network Visibility Architecture and the Vectra's threat detection and response platform work together to detect cyberattacks in progress amid the chatter of your network so security teams can quickly mitigate and prevent data loss.
Keysight’s Vision series of Network Packet Brokers (NPBs) passively direct out-of-band network traffic from multiple network access points – like SPANs, taps and virtual taps (vTaps) – to the Vectra platform for inspection and analysis. Traffic is aggregated from all network access points to provide comprehensive visibility.
The Vectra platform collects and stores the right network and cloud metadata and augments it with machine learning to detect all phases of persistent stealthy attacks, including hidden command-and-control communications, internal reconnaissance, botnet monetization, lateral movement and data exfiltration.
The automation capability in the Keysight Visibility Architecture integrates seamlessly with Vectra to enable a wide range of applications, including:
The Vectra network detection and response platform delivers high-fidelity security metadata – knowledge of what’s happening in every conversation – enriched with context specific to security applications, such as the names of hosts, existence of beacons and the privilege level of accounts. The genesis of the Vectra platform is based on a simple principle for finding hidden threats: Use an authoritative source of data and seek out the fundamental threat behaviors that cybercriminals can’t avoid when they carry out an attack. The Vectra platform delivers a far more efficient way of analyzing data at scale. Instead of traditional payload inspection, it uses AI, machine learning and behavioral traffic analysis to expose the fundamental behaviors of attackers as they spy, spread, and steal in the network and cloud – even in encrypted traffic.
Keysight’s intelligent visibility solutions complement the Vectra platform with fast, easy access to all required traffic anywhere in your hybrid environment— networks and data centers, or public clouds. The Keysight Vision NPBs simultaneously aggregate traffic from multiple SPANs, taps and vTaps in the network and direct it to Vectra. This ensures efficient access to asymmetric traffic across large heterogeneous networks. Traffic that does not require analysis can be filtered out by the Keysight Visibility Architecture to prevent Vectra's resources from being unnecessarily consumed. With the Keysight Visibility Architecture, traffic from network access points can be shared with multiple monitoring tools. This eliminates common SPAN/tap shortages that occur when another tool is attached to a needed access point. Keysight CloudLens also gathers traffic from public clouds thereby extending visibility into the cloud.