How Kindsight Security Analytics Works

Installed in the service provider network, the Kindsight Security Analytics solution analyzes fixed and mobile Internet traffic for malware from residential computers or mobile devices and maps these infections to the subscriber's account (not just an IP address). The network-based signatures, which are continually developed and updated by Kindsight Security Labs, detect infections with low false positives.

Kindsight Security Analytics deployment

Here are the four key components of the system and the main functions of each:

Network Intrusion Detection System (NIDS-8800)

Sensors are deployed at strategic locations within the service provider network, typically at an aggregation or peering point, to analyze traffic for evidence of malware infections without impact on network performance.

Alert Reporting Cluster (ARC)

The cluster contains several components that are installed at the service provider’s datacenter to process and store events from the sensors. It also triggers real-time actions against malware detected in the network.

Security Analytics Dashboard

A web-based dashboard helps providers see what threats are occurring within subscriber networks and on their devices. The dashboard shows the number of infected devices; the malware types observed; historical trends, frequency and recency of specific malware; malware behavior summaries; and periodic infection reports and outbreak incident bulletins.

Signature Update Service

Backed by the proven signature development and verification process of Kindsight Security Labs, the signature set provides thorough coverage with low false positives and is continually updated as the foundation of the Kindsight Security Analytics platform.