New York Office
632 Broadway, Suite 803
New York, New York 10012
4380 SW Macadam Ave
Portland, Oregon 97239
Advanced Threat Detection
R-Scope is a powerful network security sensor for threat hunting and threat detection. Providing network activity in context gives the clearest view of genuine threats, faster. Incident Responders benefit from R-Scope’s balanced output that is 100x richer than competing approaches at a fraction of the storage footprint and cost. R-Scope identifies threats quickly and enables rapid and thorough remediation.
R-Scope is available in multiple form factors to meet a variety of enterprise deployment requirements. For traditional data centers, R-Scope is available as a 1U appliance, variably priced according to throughput requirements. Software-only offerings are available for deployments that require more flexibility. Contact Reservoir Labs for cloud deployment. All R-Scope offerings are fully hardened and supported for the most demanding business environments. Support and Services are provided in-house by qualified Reservoir Labs engineers.
R-Scope offers significant opportunity for on-box analytic deployment for data enrichment. Leveraging R-Scope’s on-system development environment, security teams can develop, test and deploy a variety of analytics to tune data output and ensure a clear and simple lens through which to evaluate network traffic. R-Scope accepts all open-source Zeek/Bro scripts; additionally Reservoir Labs offers a curated set of tested community scripts as well as custom analytics uniquely valuable to enterprise users.
R-Scope sensors provide in-depth network traffic analysis by inspecting all bi-directional network traffic. Using its programmable analytic engine, R-Scope produces rich network metadata capturing protocol event detail, application services, files, and content on the network. R-Scope offers network analysis at scale, using patented technologies designed and developed by leading experts on high-performance networking.
R-Scope is architected for professional enterprise management. Bringing a fresh DevOps perspective to security, R-Scope integrates with Ansible for sensor management. This approach allows security and IT teams to manage not just sensors but whole enterprises from a single pane of glass, bringing control and visibility across the organization’s entire workflow, without incurring the downside of vendor lock-in that is frequently the price of ease of management.
While full packet capture is appealing as a source of data, particularly in the case of incident response, it can be prohibitively expensive, both in terms of storage costs and also potentially in terms of process overhead. R-Scope’s Selective Packet Capture (SPC) feature allows users to decide what to capture and when, then fully automate distribution of those captured network packets to other tools or offline storage for later analysis.
R-Scope is designed for seamless integration into any organization’s security operations workflow, with analytics that can be pulled directly from Git or Intel repositories. R-Scope is equipped with an innovative on-system development sandbox that enables threat research teams to develop, test and deploy analytics and intel quickly and efficiently.
Reservoir offers a curated repository of community scripts as well as proprietary analytics that provide powerful ready-to-go threat hunting capabilities. Following are examples of the data enrichment and hunt analytic use cases available. Please contact Reservoir Labs to discuss your team’s specific priorities.
R-Scope equipped with Zeek protocol analyzers and seasoned analytic scripts can provide valuable metadata and events to enable threat hunting with encrypted protocols such as SSH, SSL, SMTP/TLS. Eliminate encrypted traffic blind spots without compromising privacy.
Use our customizable, heuristics-driven analytics such as “Producer Consumer Ratio” (PCR) and others to detect data exfiltration over encrypted or unencrypted protocols.
Baseline your network for top talkers, protocols, ports and URLs quickly, and use these baselines to drive behavioral-anomaly-based detections right out of the box.
Alleviate event fatigue and fine-tune R-Scope to analyze and log events only for the file types you choose to investigate and hunt.
Detect and hunt for Personally Identifiable Information (PII) leaks such as SSN and credit card information over unencrypted channels using custom R-Scope analytics.
Integrate R-Scope’s fully customizable, real-time file carving functionality with any third-party malware analytics solution. You can define which files are extracted from your network and under what conditions those files are extracted. Leverage built-in automation to enable fire-and-forget file analysis.
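As an added illustration of the Producer Consumer Ratio heuristic named above (example code written here, not R-Scope's or Reservoir Labs' own analytic), the script below computes PCR per originating host over a constructed Zeek conn.log excerpt: PCR = (orig_bytes - resp_bytes) / (orig_bytes + resp_bytes), so values near +1 mark hosts that mostly push data out and near -1 hosts that mostly pull data in. The thresholds and the log lines are assumptions chosen for the example.

```python
# Producer Consumer Ratio (PCR) over Zeek conn.log records.
# Added example; the log lines below are constructed and follow
# Zeek's default tab-separated conn.log field layout.
from collections import defaultdict

# Constructed conn.log excerpt: one bulk uploader, one downloader,
# one failed connection with no byte counts ("-").
CONN_LOG = """#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
1700000000.1\tC1\t10.0.0.5\t51000\t203.0.113.9\t443\ttcp\tssl\t30.0\t52000000\t120000\tSF
1700000001.2\tC2\t10.0.0.5\t51001\t203.0.113.9\t443\ttcp\tssl\t25.0\t48000000\t100000\tSF
1700000002.3\tC3\t10.0.0.7\t51002\t198.51.100.4\t443\ttcp\tssl\t10.0\t4000\t2500000\tSF
1700000003.4\tC4\t10.0.0.8\t51003\t198.51.100.4\t80\ttcp\thttp\t1.0\t-\t-\tS0
"""

def parse_conn_log(text):
    """Yield one dict per record, keyed by the #fields header names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        yield dict(zip(fields, line.split("\t")))

def _bytes(value):
    """Zeek writes '-' when a count is unset; treat it as zero."""
    return 0 if value == "-" else int(value)

def pcr_by_host(text):
    """Return {orig_h: (pcr, orig_bytes, resp_bytes)} aggregated per originator."""
    totals = defaultdict(lambda: [0, 0])
    for rec in parse_conn_log(text):
        t = totals[rec["id.orig_h"]]
        t[0] += _bytes(rec["orig_bytes"])
        t[1] += _bytes(rec["resp_bytes"])
    result = {}
    for host, (out_b, in_b) in totals.items():
        pcr = (out_b - in_b) / (out_b + in_b) if (out_b + in_b) else 0.0
        result[host] = (round(pcr, 3), out_b, in_b)
    return result

def exfil_candidates(text, pcr_min=0.9, bytes_min=10_000_000):
    """Hosts that are strong producers AND moved enough data to be worth a look.
    Thresholds are assumed values; tune them against your own baseline."""
    return sorted(h for h, (p, out_b, _) in pcr_by_host(text).items()
                  if p >= pcr_min and out_b >= bytes_min)

if __name__ == "__main__":
    for host, stats in pcr_by_host(CONN_LOG).items():
        print(host, stats)
    print("candidates:", exfil_candidates(CONN_LOG))
```

The volume floor matters as much as the ratio: a host that sends a few kilobytes of pure request traffic also scores near +1, so PCR alone is not a finding.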
High-Performance Packet Path Accelerator
Providing high-performance capture, R-Core is the ultimate packet forwarding engine. R-Core supports DPDK and leverages its powerful HW acceleration capabilities from multiple application instances, including Zeek and Suricata workers. R-Core combines lightning-fast performance features such as zero packet copy, proprietary queuing and lockless data structures, and kernel bypass with options for fine-grained control of NUMA affinity and CPU core pinning. Although application-specific performance varies, benchmarks demonstrate that at input rates of 10Gbps, R-Core’s optimizations increase application performance up to 500% while packet drops are reduced up to 200%.
Tailor resources to applications. Flexibly adjust the amount of compute and memory allocated to ensure the application performance requirements are satisfied while avoiding wasting resources.
Support for HW-accelerated filtering to allow further speedups by offloading traffic from the CPU. This feature includes support for SW-fallback.
Maximize performance by ensuring all memory accesses are performed on the local NUMA node.
Avoid slowdowns from memory contention by ensuring that no shared data structure needs to be locked.
Increase the number of application workers while avoiding bottlenecks across the pipeline.
Leverage hardware-aided packet acceleration and utilize state-of-the-art NICs.