Blog
Experience Bricata Network Detection and Response in Minutes
By Andrew Weisman
Bricata Labs is a quick and easy way for security analysts and threat hunters to experience the full power of the Bricata network detection and response solution. In less than five minutes, we can spin up a private virtual lab where your company’s security team members can get a hands-on user experience of all the features and capabilities Bricata’s technology provides–without having to deploy it in your network.
To access your private Bricata Labs environment, simply send us a request and we’ll set it up for you. Once configured, a Bricata product and security expert will give your security analysts and threat hunters a 30-minute tour of the user interface and provide each user with login credentials, so they can explore Bricata on their own.
Get a Complete Real-World Experience
Each Bricata Labs installation uses real data and components, so your virtual test environment replicates one you would install yourself. We use the same images of the sensor, central management console, and APIs our customers deploy. Nothing is hidden. The only difference is that Bricata Labs doesn’t monitor live network traffic. Instead, we replay authentic PCAP files of network traffic data and malware.
Bricata Labs, through policy configuration, enables a selection of Suricata rules (commercial rules subscription included) most commonly implemented by our customers for analysis. We use the core Zeek scripts and various optional Bricata scripts, included in every installation, to generate metadata and perform network behavior analysis. As content is extracted from the network stream, it is inspected by our static analysis engine (machine learning). When a file is convicted, an alert with context is generated.
Users can pivot through preconfigured dashboards, alert views and metadata views or create and save new dashboards, filters, groupings and custom views. Each alert generated by the analytic engines includes rich context correlated with the detection. The ability to quickly pivot from alerts to metadata for triage and threat hunting, and then rapidly drill down through detailed metadata, provides a highly effective way to expedite resolution.
Once security analysts and threat hunters experience Bricata firsthand, they will see how it dramatically increases efficiencies in triage and response. Tying all of the available information together significantly reduces the “swivel chair analysis” they may experience today.
Try Bricata Without Installing
Bricata Labs is a great way to explore our product without having to install it yourself. You will experience the complete solution immediately without having to modify network permissions, change firewall settings, find compute or human resources to set up the installation, or sign nondisclosure agreements or other paperwork.
Compete in Bricata Labs to Capture the Flag
Bricata Labs also offers a capture the flag environment where groups or companies compete to answer specific threat hunting challenges. Participants are given a 45-minute overview of Bricata and presented with real-world scenarios. Analysts then have two hours to complete the competition (or progress as far as they can). Capture the flag is a great way to promote team building or develop new skills through friendly competition amongst peers.
Get Bricata Labs to experience Bricata for yourself quickly and easily with no hassle, paperwork or cost. Contact labs@Bricata.com to get started.
Andrew Weisman is a Senior Sales Engineer at Bricata. He works closely with Bricata’s prospects and customers to architect solutions for implementation in their networks. Andrew has spent more than 25 years in the information technology and networking markets in leadership roles and as a sales engineer and solution architect. For the last 10 years, he has focused on network security. Prior to joining Bricata, Andrew served as a Senior Sales Engineer for BluVector (acquired by ComCast), SS8 Networks, Telesoft Technologies and Endace.