Core Security Improves Network Visibility, Simplifies Investigations

Staff Report From Metro Atlanta CEO

Monday, July 31st, 2017

Core Security, a leader in Vulnerability, Access Risk Management and Network Detection and Response, announced the availability of Core Network Insight 6.3. The new offering includes enhancements like Retroactive Analysis, which allows users to "look back in time" at metadata from before a device started to act suspiciously, and new behavior profilers.

Core Network Insight is an advanced threat detection system built on nearly a decade of scientific research and big data visibility. It automatically and accurately identifies hidden infections in real time on live traffic. When Core Network Insight confirms a device is infected by advanced persistent threats or malware, it terminates criminal communications and presents a full case of evidence, prioritized by risk, so there is no more chasing false positives.

"Organizations are constantly looking for better, correlated data to help them conduct more thorough investigations into incidents to protect from data breaches," said Stephen Newman, SVP of Product Management at Core Security. "Our new retroactive analysis capability provides more historic context, helping to speed along these investigations. In addition, the addition of the transaction and contextual profilers continues to make Core Network Insight the most robust solution for detecting the myriad of ways and patterns that criminal operators use once they have penetrated a network."

New features in Core Network Insight 6.3 include:

  • Enabling Hunting of Network Communication Data:

    • Retroactive Analysis – Network Insight 6.3 now stores metadata on all observed internet-bound communications, enabling the retroactive discovery of command and control communications that occurred days before the destinations were known to be malicious. Administrators can search this stored historical network communication metadata during investigations.

    • New API Support – Allows users to interact with the product and pull data via RESTful API.

  • Driving Innovation Into Advanced Threat Detection:

    • New Transaction Profiler – Detection technique that detects malicious traffic using packet payload analytics.

    • New Contextual Profiler – Detection technique that identifies related domain sets used by malware to communicate with peripheral (non-C&C, human usable) legitimate domains.

    • DNS Tunneling and TOR Detection – Enhanced DNS tunneling and TOR Profilers are included as events in SIEM outputs from Network Insight and in the evidence timeline.

  • New Deployment Options: Virtual Sensor – Ideal for remote locations and branch office deployments.