Advanced Threat Detection with Core Network Insight

Network Insight

Get complete visibility into network threat-related activities.

Core Network Insight (formerly Damballa Failsafe) is an advanced threat detection system that automatically and accurately identifies hidden infections, in real time, on live traffic. Built on over a decade of scientific research and big data visibility, Network Insight is a mature, purpose built solution that provides definitive evidence to help responders rapidly prevent loss. While networks, DNS requests, and global malware patterns can be monitored through other means, Network Insight can provide both new and historical surveillance all in one place. 

An Agentless Solution to Identify Infections

Do you know the status of every device in your organization? Most security products only protect a fraction of all endpoints or require an agent to be installed in order to monitor them. This leaves far too many devices unwatched, including: security cameras, video conference units, MRIs, CT machines, SCADA systems, or even connected coffee makers and refrigerators. Network Insight is agentless, as well as OS and platform agnostic, covering any and every device in your network. 

No More Alert Fatigue

You’ll only hear from Network Insight when it’s time to act. When Core Network Insight confirms a device is infected by advanced persistent threats or malware, it presents a full case of evidence, prioritized by risk. This eliminates false positives, leaving only serious alerts that aren’t buried amongst thousands of benign notifications.

How Does Network Insight Work?

Identify infected devices and prioritize risk. 
Rest easy with Network Insight.

Personalized Dashboards

Personalized dashboards provide visual displays of findings, threats, and status updates. Get insights from critical data, including: 

  • Currently infected assets
  • Average infection age
  • Riskiest infected assets
  • Newly infected assets

A Catalog of Threats

Both Core Labs and Network Insight sensors gather valuable data on any number of types of threats in order to detect infections with certainty. This critical information is also gathered into a threat database that users can access at any time. Search by threat name or characteristic and find out all the details you need. Get general information like threat summaries, severity levels, and Core Labs research findings, as well as personalized information including activity your assets have had with suspicious domains.

Prevent What You Can, Detect What You Must

Cybersecurity strategies often focus on prevention, which is a critical component of network safety, but it’s not the only activity to consider. In today’s world of advanced threats, the benefits of detection solutions like Network Insight are just as clear and crucial:

Shorten the dwell time of infections

Our network appliance automatically and accurate detects active yet hidden infections within hours, minutes, and seconds instead of the weeks it takes an organization, on average, to find an infection.

Reduce risk of damage

The more time an infection spends on your network, the more harm it can cause your IT environment. Fast detection is the key to rapid removal.

Save time and resources

When Network Insight determines an infection is NOT present, it automatically closes the case.

No matter the threat, we can detect it.

Detect everything from the latest threats to enduring and dangerous infections like:

Key Features

Analyze Behaviors and Confirm Threats

Analyze network behaviors, malicious payloads, threat actor, and Advanced Persistent Threat (APT) activity. Verify evidence by passing information to an automated Case Analyzer which corroborates evidence. Once true positive infections are confirmed, risk-ranking is applied.

Threat Intelligence

 Network Insight provides extensive information on threats known to Core Security. Using the Threat Intelligence API, look up the status of a domain or url to determine if it is clean, unknown, suspicious, or malicious.

Alerting and Integrations

Network Insight can pair together with other tools to maximize cybersecurity. Instantly notify response teams via SIEM, SYSLOG, or email. Create tickets automatically in systems like Service Now or Jira Service Desk. Shorten remediation times by integrating with enterprise infrastructures like Checkpoint, Palo Alto, or Carbon Black.

Extensive Reporting 

Generate report types for different audiences with all the information you need. Get overall summaries in executive reports, in-depth details with incident responses, and evaluate your organizations infection management with infection life cycle reports.

See it in Action!

Divider text here