Description
This is the month-to-month Splicecloud virtual light probe subscription.
The Splicecloud virtual light probe is used where underlay network infrastructure does not allow for the export of flow records (i.e. Splicecloud zero-touch is not an option), or where there is a requirement to ensure metadata is encrypted all the way through to Splicecloud.
Splicecloud virtual light probes can operate in one of two modes:
- consuming port mirror / span port traffic, converting this information into flow records, and forwarding flow records encrypted through to Splicecloud
- consuming exported flow records from the underlay network directly within the customer environment, and forwarding these flow records encrypted through to Splicecloud
Virtual light probes can be deployed as Hyper-V, VMware and KVM images.
Metadata received by correctly configured virtual light probes will be visible in the Splicecloud dashboard within 5 minutes. The standard Splicecloud tenant can process up to 10k flow records per virtual light probe per hour. The Splicecloud analytics engine applies machine learning models to the observed flows, leveraging the near-deterministic nature of OT network communication patterns to keep watch over the OT network, highlighting only anomalies and outliers.
Features
- No hardware requirement
- Node and services detection
- Probe triage required to convert into behaviours
- Behavioural analysis
- Outlier detection
- Visibility where underlay infrastructure does not support NetFlow/sFlow
- Metadata transfer is encrypted through to Splicecloud
- One-way channel, no back channel to the OT network
- Cannot provide automatic node identification
Requirements
- VMware, Hyper-V or KVM infrastructure required
- Probe IT-facing port must be able to reach Splicecloud
- Customer to commission virtual light probe, including configuration of flow export or port mirror / span port and required firewall rules
Splicecloud standard Terms and Conditions are available here.