How Bricata Works

Advanced Network Detection & Response | Total Visibility & Traffic Analytics | Threat Hunting Repository

The First Truly End-to-End Network Security Platform for High-Performing Security Teams

Unparalleled Visibility that Instantly Enhances Security

Cloud-ready Smart Sensors let you instantly see it all, alerting you to what you’re looking for and seeing the things you don’t know about.

Total Context for Immediate Understanding of Alerts

We use SmartPCAP as the ground truth from network traffic and link this context immediately to detected threats.

Easy Network Instrumentation

Bricata combines network visibility, forensics and detection in a single sensor deployed as a virtual machine, physical device or cloud appliance.

Downstream Visibility & Tuning Across Repositories & Tools

Leverage the 360° visibility from Bricata to help all of your other tools get better and easily integrate response workflows.

Long-term Repository for Forensics & Real Threat Hunting

We retain longer-term, session-based context in data nodes that links high-fidelity network metadata directly to events, no matter when they occurred.

Cloud-hybrid Software that’s Agnostic & Scalable

Pay for just the throughput you need, with no hidden costs, on a completely hardware-agnostic platform that grows with you.

Third Party Tools
  • Cuckoo Sandbox
  • Yara
  • Remnux
  • Enigma
  • Evalaze

Third Party Tools
  • Splunk
  • Elastic
  • QRadar
  • Arcsight
  • Sumo Logic

Third Party Tools
  • CloudShark
  • WireShark
  • Tcpdump
  • Enigma
  • Evalaze

A Balanced, Intelligent NDR Platform for the Modern Enterprise


Real-time Network Visibility & Forensics

Bricata’s ready-to-use, self-configuring system is easily deployed to enable total network visibility, advanced threat detection, integrated response and threat hunting in just minutes.

  • Eliminate Blind Spots with Network Instrumentation & Intelligent Detection
    • Bricata’s smart sensors deliver complete visibility that you can easily customize, configure and instrument for complete network coverage.
  • See Everything with Network-Truth SmartPCAP
    • Bricata intelligently captures and stores network traffic packet data and ties it directly to alerts produced via our 360° analysis process.
  • Understand Everything with High-Fidelity Network Metadata
    • Bricata extracts rich network metadata from every transaction using the Zeek Traffic Analyzer allowing you to gain a better understanding about what’s actually happening on your network.
    • Bricata automatically examines files being transmitted within your network traffic for malicious attributes, securely storing convicted items for review by the analyst.
  • Share Visibility with 3rd-Party Tools through Open APIs
    • Share, stream and export your optimally tuned and context-rich data to any logs, repositories or tools to share visibility and insights gathered from Bricata.

Full-Spectrum Advanced Threat Detection

Multiple detection engines and methods analyze network traffic from all angles to optimize detection and deliver much higher detection rates with very low false positives.

  • Deep Packet Inspection (DPI)
    • Bricata sensors inspect and classify raw network packet traffic in real time as it passes through, at scale.
  • Known Threat Detection (Signature)
    • Bricata automatically analyzes every transaction for known indicators, applying over 50,000 signatures to each communication to identify potential threats.
  • Anomaly & Behavior Based Detection
    • Bricata analyzes network behavior by examining, in real time, the high-fidelity metadata extracted by the sensor. Normalized or baseline states can be maintained and compared against current behavior to detect any deviation or anomaly occurring on the network.
  • AI-Based File Analysis and Conviction for Zero-Day Threats
    • Bricata automatically submits files not identified as known malware by MD5 hash matching to its ML-based engine for static analysis, catching zero-day or unknown malware threats.
  • Threat Hunting to Track Down the Unknown
    • Leverage your team’s wet-ware to proactively research hypotheses in our longer-term repository to find unknown threats, better understand your network, and add a layer of sophistication to detection.
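The baseline-versus-current comparison described under Anomaly & Behavior Based Detection, as an added illustration that is not Bricata's code: Zeek conn.log metadata is modelled as a few constructed TSV records, a per-source-host baseline (services contacted, mean bytes sent) is learned from one window, and the next window is checked for new services, outbound volume spikes, and hosts with no baseline at all. The column subset and the `byte_factor` threshold are assumptions for the example.

```python
# Added illustration, not Bricata's code. Zeek conn.log metadata is modelled
# as constructed TSV lines; thresholds are assumed values for the example.
from collections import defaultdict
from statistics import mean

# Constructed records, subset of Zeek conn.log columns:
# ts, id.orig_h, id.resp_h, id.resp_p, proto, orig_bytes
BASELINE_LOG = """\
1.0\t10.0.0.5\t10.0.0.20\t443\ttcp\t1200
2.0\t10.0.0.5\t10.0.0.21\t443\ttcp\t900
3.0\t10.0.0.5\t10.0.0.22\t53\tudp\t80
4.0\t10.0.0.7\t10.0.0.20\t443\ttcp\t1500
"""
CURRENT_LOG = """\
10.0\t10.0.0.5\t10.0.0.20\t443\ttcp\t1100
11.0\t10.0.0.5\t203.0.113.9\t4444\ttcp\t500
12.0\t10.0.0.7\t10.0.0.20\t443\ttcp\t90000
13.0\t10.0.0.9\t10.0.0.20\t443\ttcp\t300
"""

def parse_conn(text):
    """Yield one dict per TSV record; Zeek '#' header lines are skipped."""
    for line in text.splitlines():
        if line and not line.startswith("#"):
            ts, orig_h, resp_h, resp_p, proto, orig_bytes = line.split("\t")
            yield {"ts": float(ts), "orig_h": orig_h, "resp_h": resp_h,
                   "resp_p": int(resp_p), "proto": proto,
                   "orig_bytes": int(orig_bytes)}

def build_baseline(records):
    """Per source host: services (proto, port) seen and mean bytes sent."""
    services, sizes = defaultdict(set), defaultdict(list)
    for r in records:
        services[r["orig_h"]].add((r["proto"], r["resp_p"]))
        sizes[r["orig_h"]].append(r["orig_bytes"])
    return {h: (services[h], mean(sizes[h])) for h in services}

def find_deviations(baseline, records, byte_factor=10):
    """Compare each current connection against its host's learned baseline."""
    findings = []
    for r in records:
        if r["orig_h"] not in baseline:
            findings.append((r["ts"], r["orig_h"], "host absent from baseline"))
            continue
        known, mean_bytes = baseline[r["orig_h"]]
        if (r["proto"], r["resp_p"]) not in known:
            findings.append((r["ts"], r["orig_h"], f"new service {r['proto']}/{r['resp_p']}"))
        elif r["orig_bytes"] > byte_factor * mean_bytes:
            findings.append((r["ts"], r["orig_h"], "outbound volume spike"))
    return findings
```

In practice the baseline window would be re-learned periodically so that legitimate changes in a host's behaviour do not stay flagged forever.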

Best-in-class Threat Hunting Capabilities

Use a single powerful repository to conduct efficient and sophisticated research.

  • Supporting Threat Research
    • Threat Hunting
      • Hypothesis-driven – looks to either prove the existence of a threat or satisfactorily explain strange network behavior.
    • Threat Investigation
      • Alert-driven – looks to validate the threat, follow its spread, and assess its damage, or to prove that it is a false positive.
    • Network Visibility
      • Curiosity-driven – looks to answer non-threat related questions about network traffic behavior to gain insight into normal operations.
  • Robust Repository & Threat Hunting Toolset
    • A fully-indexed repository of rich network metadata
      • The Zeek data from each sensor is aggregated at the CMC for rapid and efficient search. If the analyst needs to go deeper, they can request PCAP (actual network packets) from the Bricata sensor grid in a single click.
    • Intuitive and Productive User Experience
      • Threat hunting requires an intuitive graphical user interface that drives productivity. Each analyst can create views and workflows that align to their role or need in a matter of clicks.

Get to the ground truth

Bricata helps enterprises reduce time-to-discovery and time-to-containment by providing visibility into their networks with advanced threat detection, and by enabling threat hunting to identify unknown threats.

See Bricata’s Power At Work

How it Works

Next-Gen Sensors

Total network visibility of internal and web-bound traffic

Powerful Centralized Management

Customizable dashboards for response, analysis, forensic investigation and threat hunting

Smart Data Nodes

Intelligently extract and store rich network metadata within a smart, scalable repository for efficient threat hunting and incident response

Data Repository & Tools
  • Fully-Indexed Rich Network Metadata
  • Drill-Down to PCAPs
  • Goal-Oriented Expert System Workflows
  • Visualizers and Analyzers
  • Global Lookups and Exports

Centralized Management
  • User Interface Visualization, Investigation, Analytics
  • Alerting Dashboard
  • Centralized Systems Management
  • Threat Repository Manager

Cloud-Native NDR that Delivers Superior Detection & End-to-End Visibility Anywhere & Everywhere
