Barac’s Encrypted Traffic Visibility (ETV) platform inspects all network traffic for malicious threats in real time without needing to decrypt it. Barac uses its collector to retrieve the metadata of all network traffic to be analysed, with no decryption required. The analysis is performed by machine learning algorithms that look at over 200 different metrics (DNS, certificate locations, etc.) and reconstitute the packet sequence using those metrics, giving each analysed sequence a risk score. Should that score pass the threshold set by the client company, the sequence is flagged and sent to the relevant SIEM/SOC as an alert.

Because all of this is done without decrypting the data, Barac’s platform remains compliant with all regulations and also supports TLS 1.3 encryption, as no sessions are decrypted. Each individual encrypted session setup is calculated, allowing for complete correlation and comparison of new setups. The ETV platform looks for changes in the connection parameters within each individual session. By understanding the known behavior, the ETV platform highlights the level of risk of each anomaly detected based on the 200 indicators.
Example Barac Indicators
As previously mentioned, Barac uses over 200 indicators (or metrics) in order to build a risk score.
Here are some indicators used in order to help build the risk score and detect malware activity