Overview

LinkShadow Network Detection and Response (NDR) ingests network traffic and uses machine learning to detect malicious activity and to understand security risks and exposure. It combines detection of known attack behavior with the ability to recognize what is typical for a given organization, flagging unusual network activity or sessions that can indicate an attack. Once malicious activity is detected, LinkShadow NDR responds through third-party integrations such as firewalls, Endpoint Detection and Response (EDR), Network Access Control (NAC), etc.

NDR solutions analyze network traffic to detect malicious activity inside the perimeter, otherwise known as the east-west corridor, and support intelligent threat detection, investigation, and response. Using an out-of-band network mirror port, NDR solutions passively capture network communications and apply advanced techniques, including behavioral analytics and machine learning, to identify known and unknown attack patterns. This data can also be used to investigate activity in real time and to investigate incidents. The sensor appliance has to be integrated with a LinkShadow Master Appliance, which may be on-premise or in the cloud, for the analytics.
Highlights
- Identity Intelligence
- AI Powered Engine
Pricing
Vendor refund policy
Contact your Linkshadow sales representative
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
4.6.9 ubuntu
NETWORK ANALYTICS
- cron-network-GO bug fixes and optimization
- cron-network-hourly-GO optimization (using sharding method for scalability)
- Realtime DHCP master-sensor reading changed from zmq to redis queue (Commented code to delete mac address from ipMacMapLast)
- Commented old portscan detection
- networkAnalyticsConfig.json is added in common module for scaling
- Added asset categorization (classification, os detection, endpoint security)
- Fix bug in getting mac address of an ip address
- Add new subnet detected anomaly
- Add Previous connection per minute

PCAP
- Anomaly PCAP saving bug fixes

SYSTEM CONFIG
- Improved method to get processor type in common system config

Rule Processor
- MAJOR UPDATE: Usecases are now moved to version 2. No backward compatibility with version 1
- Detects anomalies sent from network analytics (Network Scan, Port Scan, New Subnet)
- The system now dynamically starts separate processes for DNS, Connection and all other logs based on the available resources.
- Multiple new usecases.
Additional details
Usage instructions
Create a key pair to use while creating the instance. This key will be used to log in to the appliance as the user lsuser. Deploy the instance with two extra volumes attached. The first disk is for analytics data storage and the second is for saving the PCAP capture.
Wait approximately 10 minutes before logging in. Connect over SSH (log in with your SSH key as the user 'lsuser'). If only one NIC was present during the deployment, stop the instance and add a second interface for SPAN traffic. The management interface can be used as the syslog and NetFlow destination for monitored appliances. The second interface is used as the traffic mirroring destination. Allow VXLAN (udp/4789) in the inbound Security Group rules.
Log in to the web UI at https://[eth0-IP]. Ensure your security groups allow access.
Apply the license obtained from your LinkShadow contact person. Integrate with the on-premise/cloud LinkShadow Master appliance using the IP/FQDN of the Master Appliance. The vSensor's management IP should have access to TCP ports 22 and 443 of the Master appliance.
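The port requirements in the steps above can be checked before deployment. The following is an added example, not LinkShadow or AWS code: it audits security group rules in the `IpPermissions` shape returned by EC2 `describe-security-groups`. It assumes the Master appliance also sits behind a security group, flags rules open to 0.0.0.0/0 as an extra check the page does not ask for, and uses constructed sample rules and addresses.

```python
import ipaddress

# Inbound ports the usage instructions call for on the vSensor.
SENSOR_INBOUND = {("udp", 4789): "VXLAN mirrored traffic",
                  ("tcp", 443): "web UI",
                  ("tcp", 22): "SSH as lsuser"}
MASTER_INBOUND = [("tcp", 22), ("tcp", 443)]  # vSensor management IP -> Master

def sources(permissions, proto, port):
    """Return the IPv4 CIDRs allowed to reach proto/port.
    Source-group and IPv6 rules are ignored (assumption of this example)."""
    found = []
    for perm in permissions:
        if perm["IpProtocol"] == "-1":  # "all traffic" rule
            covers = True
        else:
            covers = (perm["IpProtocol"] == proto and
                      perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))
        if covers:
            found += [r["CidrIp"] for r in perm.get("IpRanges", [])]
    return found

def audit_sensor(permissions):
    """List required sensor ports that are missing or open to any source."""
    findings = []
    for (proto, port), purpose in SENSOR_INBOUND.items():
        cidrs = sources(permissions, proto, port)
        if not cidrs:
            findings.append(f"MISSING {proto}/{port} ({purpose})")
        elif "0.0.0.0/0" in cidrs:
            findings.append(f"OPEN-TO-ANY {proto}/{port} ({purpose})")
    return findings

def master_reachable(permissions, sensor_ip):
    """True if the Master's rules admit sensor_ip on TCP 22 and 443."""
    ip = ipaddress.ip_address(sensor_ip)
    return all(any(ip in ipaddress.ip_network(c, strict=False)
                   for c in sources(permissions, proto, port))
               for proto, port in MASTER_INBOUND)

# Constructed sample rules (not real output): VXLAN rule forgotten, UI open to all.
SENSOR_SG = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
]
MASTER_SG = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
]

if __name__ == "__main__":
    print(audit_sensor(SENSOR_SG))
    print(master_reachable(MASTER_SG, "10.0.1.25"))
```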
Support
Vendor support
support@linkshadow.com, +97144087510