Know the unknown.
An ML/AI-driven threat detection engine built on top of a user-friendly, searchable archive of all network communications. Insight is an affordable alternative to other complicated SIEM and network security tools.
"It's really eye-opening."
“Network Flows are a game changer because they allow us to quickly search any communication with a potentially malicious IP. This provides substantial forensic assurance beyond just basic alerts, and gives us confidence about whether an issue is a false positive or real. Also, we can fine-tune our searches by specifying destination or source ports of interest in our query.”
What is Insight?
A unique network-based tool that fills in the gaps between the firewall and the endpoints, offering detection, response, and visibility powered by an enriched network flow archive. An intuitive interface lets you (and our team) cut through the noise and hunt for network Flows and critical Signals quickly.
Broad Attack Visibility
Endpoint monitoring tools can only tell you what they know from their perspective. Insight Flows spans the network gaps with an archive of every endpoint conversation. Going beyond traditional signature-based IDS alerts, Insight also provides ML/AI-based anomaly detection and flow-based Signals customized to your network environment.
Stop Tool Sprawl
Our customers often complain that their existing enterprise SIEM and NDR tools are overly complicated, confusing, and expensive. Insight aims to provide a simplified solution, backed by our Managed SOC. A practical alternative focused on features that provide maximum impact with affordable, predictable pricing.
The Power of Insight Flows
Insight's detection engine is built on top of an archive of enriched network flow data. Ingested mirrored traffic and flows from other devices are stitched together, and the standard network metadata is supplemented with useful data points like ASN, geolocation, threat intelligence, and application-specific protocols. This searchable archive in Nomic HQ is a life-saver for threat hunting, incident response, and network troubleshooting.
Trust but verify.
As more IT leaders focus on Zero-Trust implementations across their organization, Insight serves as an independent observer of network traffic and an ad hoc “auditor.” Lean on flow-based Signals to monitor for violations of your ZTNA policies, and catch those misconfigurations before they get exploited.
How Insight Works
North/South & East/West Visibility
Insight provides deeper visibility into external internet traffic and into lateral traffic across the internal network. This reach provides deeper context for alert analysis and network troubleshooting, and extends across the entire internal environment, shining a light on OT, SCADA, legacy servers, and other shadow IT that endpoint solutions typically cannot protect.
Critical Event Signals
Automation saves precious time, particularly for small teams that are already stretched to the limit. Signals are automated alerts built on top of custom Flow filters, anomaly detection algorithms, and even filters built for traditional rule-based Outpost alerts. Designed to cut through the noise, they notify the security team when critical events occur, and can be configured to work with your team's existing tools, like Microsoft Teams, Slack, or traditional email.
Enriched Network Flow Archive
An independent set of eyes beyond firewall and device logs, Flows tell the story of every conversation happening on your network, in real time. Powered by HQ's lightning-fast and intuitive search filter, the Flow archive can go back in time to answer detailed questions about your network's traffic much more quickly and easily than digging through firewall logs or querying a SIEM.
ML/AI-Driven Anomaly Detection
It's easy to overhype AI's influence on network security, but machine learning and AI play a critical role in identifying anomalous behavior on the network. Insight leans on ML/AI for both security and network health, pointing out rare communications, new or hidden devices, rarely used application protocols, or unique spikes in throughput or latency that are worthy of investigation.
Flow-Based Filtering
Nomic HQ's powerful Flow filtering and saved search functionality allows teams to create customized monitoring of network traffic specific to their environment. Flow-based filtering uncovers previously unseen communications with foreign countries or interesting ASNs, and acts as an audit tool for network segmentation policies. It really shines as an ad hoc search tool for troubleshooting network issues and threat hunting.
Country, ASN, and Network Analysis
Through HQ, Insight offers a unique summary of all communications for any network, ASN, or country. Powered by Insight Flows, these views offer powerful aggregations of inbound and outbound network traffic, summarized by port, application protocol, IP, ASN, country, and more. Each summary can be filtered by volume in bytes or flow count, and each aggregation pivots back to filtered Flows for a deeper dive.
Unique Use Cases
Avoid Painful Network Policies
Close the Loopholes
Network Troubleshooting
Ensure your organization's cybersecurity is up to date with our managed NDR suite.
Outpost
Nomic Outpost is the first line of defense in a defense-in-depth strategy, dynamically identifying and blocking inbound and outbound threats, and hiding your network from threat actors. By positioning itself in front of the firewall and all public-facing assets, Outpost stops scans, exploits, and reconnaissance before they start.
HQ
Nomic HQ is a cloud-based platform that puts you in the driver’s seat. Manage all Nomic devices, filter through events, create custom threat feeds, and see all your support tickets in one place. HQ pulls it all together in a unique and intuitive offering that leverages powerful filtering tools to simplify analysis and save you time.
FAQs
Insight Flows provide an archive of all network traffic; a “Network DVR” that can be queried quickly to provide context before, during, and after an event or security incident. In addition to being the foundation for Flow Search and ML/AI Signals, Flows provide context for alerts, and can be used to inform security policy decisions. These insights are critical to speed up response times, prevent future false positives, and avoid potential business disruptions.
No, but Insight's Flows, Alerts, and Signals can serve as a more affordable alternative to costly SIEMs, providing an intuitive archive of network traffic, customizable Signals specific to your network, and real-time alerts. Even if it doesn't check all of the SIEM's boxes, many of our customers prefer Insight's simplicity and ease of use over most SIEMs' clunky experience and higher costs.
All NDR solutions should provide alerts for anomalous behavior, highlighting unique network traffic worthy of further investigation. Insight goes a step further, providing a complete archive of network Flows. These Flows are useful for pivoting off of an alert, researching potential issues with a network policy decision, or simply pinpointing a problem while troubleshooting the network.