What is NETSCOUT Omnis Security?

Omnis, or NETSCOUT Omnis Security, is an advanced threat analytics and response platform that provides the scale, scope, and consistency required to secure today’s digital infrastructure.

What technology is NETSCOUT Omnis Security built with?

NETSCOUT Omnis Security is built on the InfiniStreamNG (ISNG) and vSTREAM platforms. Using patented and proven technology, this highly scalable instrumentation converts network packets into Smart Data to deliver comprehensive and consistent visibility across a disparate digital infrastructure. It’s this level of Visibility without Borders that enables Security without Borders.

Are the InfiniStreamNG (ISNG) products any different when used for Omnis Security?

No, they are identical products; the only difference is that a software license called an “Edge Adaptor” is enabled. For example, for an ISNG device to be used with Omnis Cyber Intelligence, one must enable the “Edge Adaptor”. For an ISNG device to be used as an Omnis IDS Sensor, one must enable the “Edge Adaptor”. You can find more information about “adaptors” in the Omnis Cyber Intelligence and Omnis product pages.

What is contextual cyber investigation?

Contextual investigation is the research and analysis of a network security event, along with its relation to the network environment as a whole.

Security teams can use Omnis Cyber Intelligence to mine NETSCOUT Smart Data for real-time, high-quality insights that power highly contextual investigation and threat hunting. In a situation where seconds matter, that level of responsiveness helps security teams prioritize alerts and have the confidence to remediate threats faster.

Omnis integration

Does Omnis integrate with third-party tools?

Omnis Security is designed for holistic cybersecurity that works across today’s extended digital footprint. It combines highly curated threat intelligence from NETSCOUT and third parties with behavioral and advanced analytics to meld multiple methods of network-based threat detection. And Omnis Security uses open standards, APIs, and intuitive security workflows to easily integrate into existing security stacks and processes.

What are some of the main use cases for the Omnis Security solution?

Omnis Security has several use cases. Here are a few…

  1. Network-based Threat Detection & Response – Comprehensive visibility provided by InfiniStreamNG enables Omnis Cyber Intelligence and Omnis Intrusion Detection System to detect threats on the network, no matter where in the network they may reside (e.g. traditional internal network/data center, branch office, private/public cloud). Alerts for detected threats are sent to the existing security SIEM/SOAR.
  2. Securing workloads before, during and after migrations to cloud (e.g. AWS) – Same use case as above, except specifically for use with Amazon Web Services.
  3. Contextual Threat Investigation – Upon threat detection via NETSCOUT Omnis Security or 3rd party solutions (e.g. Splunk / QRadar SIEM), Omnis Cyber Intelligence can be used to conduct highly contextual or unguided cyber investigations, which can include session metadata and full packet analysis. The results of this investigation can be used to remediate at the perimeter (e.g. with Arbor Edge Defense) with confidence.
  4. Smart Perimeter Protection – Arbor Edge Defense (AED) can be used to detect and block inbound threats such as DDoS attacks and outbound IoCs from compromised internal devices. Results of Cyber Intelligence investigations can be used to inform remediation, such as giving the confidence to block at the network perimeter with Arbor Edge Defense or a 3rd party mitigation device (e.g. Palo Alto firewall).

What industry problems does the Omnis Security solution solve?

Omnis Security solves several challenges. Here are a few…

  1. Secure Workload Migration to Hybrid-Cloud – As organizations migrate their applications/workloads to the cloud (e.g. AWS), they face new challenges associated with network performance and security. Fundamental to overcoming these challenges is visibility into all network traffic traversing any combination of an organization's internal data centers, private and/or public cloud environments. Organizations want the same level of visibility and network-based security for their new cloud or hybrid cloud environment as they had in the past for their legacy environments. Omnis Security provides this.
  2. Tool & Vendor Consolidation & Integration – As networking technologies and threats evolve, organizations have increased the number of security tools in their environment. This has caused complexity and inefficiencies in network-based threat detection and response. Organizations want to leverage open source, reduce the number of tools and vendors to reduce cost and improve scale and integration of security solutions. Omnis Security does this.
  3. Maximize Effectiveness of Staff – The increasing number and complexity of cyber threats and network environments have put tremendous pressure on security teams. Organizations want to leverage scalable technology and automation for more effective threat detection and response. Omnis Security makes Network-Detection and Response more effective and less costly.