An introduction to Barac
What is Barac?
Barac is a cybersecurity company that specialises in solving the issues brought about by web traffic blindness, a new but very dangerous problem facing companies today where, due to new regulations and the introduction of TLS 1.3, companies are unable to decrypt data entering and leaving their network. This has opened the door to hackers who use encryption to hide their attacks, making them near invisible to the company they are attacking. As the graph below shows, the volume of encrypted traffic is increasing rapidly by almost 40% over the last 5 years. However, the number of attacks using encrypted traffic is growing at a similar rate. Therefore, the need for a solution to web traffic blindness is paramount.
The ETV platform:
Barac’s Encrypted traffic visibility (ETV) platform inspects all of a company’s network traffic for malicious threats in real time without needing to decrypt it. Barac uses its collector to retrieve the metadata of all network traffic to be analysed without the need for decryption. The analysis is achieved through the use of Machine learning algorithms that look at over 200 different metrics (DNS, certificate locations, etc…) and reconstitute the packet sequence using said metrics, giving each analysed sequence a risk score, should that score pass the threshold set by the client company it will be flagged and sent to the relevant SIEM/SOC as an alert. The fact that all of this can be done without the need to decrypt the data means Barac’s platform remains compliant with all regulations and also supports TLS 1.3 encryption as no sessions are decrypted.
In order to collect the relevant metadata to be analysed by the ETV Barac uses a collector(s) to take all data sent to it by the Span/Mirror/Tab port and converts it onto metadata to be analysed. The collector(s) take the newly converted metadata and sort it, before forwarding the data flow to the ETV platform via a TLS tunnel.