EtherSensor is a real-time network traffic analysis platform that extracts application-level objects from user and system communications: messages, files, network events and other service-specific objects from OSI layer 7 (and even higher, "L8").
EtherSensor helps our customers solve various Security Operations Center tasks in combination with DLP, SIEM, U(E)BA, eDiscovery, Enterprise Archiving, Enterprise Search, Data Access Governance and other systems.
How EtherSensor works:
Captures raw data and reconstructs application-level objects
EtherSensor captures raw L2 network traffic from several 10 Gbps network adapters or from PCAP files (BPF filtering is available), or receives the source data from ICAP clients or a Lotus Notes transaction log.
Analyzes reconstructed objects
Using a high-performance rule-based filtering mechanism, EtherSensor decides whether the object must be dropped or sent to a consumer system using the corresponding predefined results delivery profile.
Delivers reconstructed objects to the consumer systems
The result of the application-level object/message analysis is its delivery to one or more consumer systems. The same object may be delivered to several receivers at the same time. Each receiver gets the object in the corresponding format: for example, a SIEM system receives a syslog string or NetFlow block with the object metadata, a DLP or eDiscovery system receives the message or file itself, and so on.