Supercharge Firewalls with intelligence through machine learning, built-in threat intelligence and integrated applications
Second set of eyes
Firewalls are for Enforcement
Firewalls are the first line of defense in any network security framework. Their primary purpose is to inspect network traffic in real time and determine whether to allow or block specific traffic based on a set of security rules defined by administrators. Traffic volume can be significant, and legacy firewalls have limited resources in terms of processing power and storage size. Thus the firewall itself has limited intelligence and is usually optimized only for policy enforcement.
Firewall Traffic Analysis [FTA]
Starlight aggregates, parses and normalizes traffic log data from multiple firewalls, which can be from different vendors such as Check Point, Palo Alto Networks, Fortinet, and Sophos. Interflow records create context for these logs by fusing them with many other data sources, such as threat intelligence, geolocation, host or domain names, and user names. Both real-time and historical advanced analysis of this contextual data are performed through machine learning.
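To make the aggregate-parse-normalize-enrich pipeline concrete, here is an added example in Python. It is not Starlight's code and does not use any vendor's real log schema: the two input formats (key=value and comma-separated), their field names, the sample log lines, the threat-intelligence entries and the geolocation table are all constructed for illustration, using documentation-only IP ranges. Each line is parsed by a format-specific parser into one common record, then fused with context (internal/external classification, geolocation, threat-intelligence match), and a small equality-based search runs over the resulting records.

```python
import csv
import ipaddress
import re

# Constructed sample log lines in two different styles. Field names are
# assumptions for illustration, not any vendor's actual log schema.
SAMPLE_LOGS = [
    ("kv", "date=2024-01-01 time=10:00:01 srcip=203.0.113.77 dstip=10.0.0.5 "
           "dstport=22 action=deny sentbyte=120 rcvdbyte=0"),
    ("csv", "2024/01/01 10:00:02,fw-edge-1,TRAFFIC,198.51.100.9,10.0.0.8,443,allow,5120"),
    ("kv", "date=2024-01-01 time=10:00:03 srcip=10.0.0.5 dstip=198.51.100.9 "
           "dstport=80 action=allow sentbyte=300 rcvdbyte=900"),
]

# Constructed context sources (not real threat intelligence or geolocation data).
THREAT_INTEL = {"203.0.113.77": "scanner"}
GEO = [
    (ipaddress.ip_network("203.0.113.0/24"), "CountryA"),
    (ipaddress.ip_network("198.51.100.0/24"), "CountryB"),
]
# RFC 1918 ranges used to decide whether an address belongs to the internal network.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Column layout assumed for the constructed comma-separated format.
CSV_COLUMNS = ["timestamp", "device", "type", "src_ip", "dst_ip",
               "dst_port", "action", "bytes"]
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line):
    """Parse a key=value style line into the common record layout."""
    f = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    return {
        "src_ip": f["srcip"], "dst_ip": f["dstip"], "dst_port": int(f["dstport"]),
        "action": f["action"],
        "bytes": int(f.get("sentbyte", 0)) + int(f.get("rcvdbyte", 0)),
    }


def parse_csv(line):
    """Parse a comma-separated line into the common record layout."""
    f = dict(zip(CSV_COLUMNS, next(csv.reader([line]))))
    return {
        "src_ip": f["src_ip"], "dst_ip": f["dst_ip"], "dst_port": int(f["dst_port"]),
        "action": f["action"], "bytes": int(f["bytes"]),
    }


PARSERS = {"kv": parse_kv, "csv": parse_csv}


def normalize(fmt, line):
    """Dispatch to the right parser and canonicalize shared fields."""
    rec = PARSERS[fmt](line)
    rec["action"] = rec["action"].lower()   # vendors differ in casing
    return rec


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def geolocate(ip):
    addr = ipaddress.ip_address(ip)
    for net, country in GEO:
        if addr in net:
            return country
    return None


def enrich(rec):
    """Fuse a normalized record with context: internal flag, geo, threat match."""
    rec = dict(rec)
    rec["src_internal"] = is_internal(rec["src_ip"])
    rec["src_geo"] = geolocate(rec["src_ip"])
    rec["threat"] = THREAT_INTEL.get(rec["src_ip"]) or THREAT_INTEL.get(rec["dst_ip"])
    return rec


def build_records(logs=SAMPLE_LOGS):
    """Run every sample line through normalize() then enrich()."""
    return [enrich(normalize(fmt, line)) for fmt, line in logs]


def search(records, **criteria):
    """Return records whose fields equal every given criterion."""
    return [r for r in records if all(r.get(k) == v for k, v in criteria.items())]


if __name__ == "__main__":
    records = build_records()
    for r in search(records, threat="scanner"):
        print(r)
```

Because every parser emits the same record layout, the enrichment and search stages never need to know which firewall produced a line; adding a vendor means adding one parser, not touching the analytics.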
Starlight is a software application architected with container-based micro-services and a data lake for big data. It processes and stores large amounts of firewall logs turned into Interflow records, and scales for more processing power and available storage capacity. Security analysts can perform Google-like searches on Interflow records for forensics and threat hunting, and respond to detected advanced threats by blocking attackers' IP addresses through API calls to the firewalls. These interactions can be done either manually or automatically.