Real Time Threat Visibility
R-Scope delivers real-time network visibility, situational awareness, and event detection at the speed of today’s enterprise. Our enterprise-ready appliances seamlessly integrate with your IT operations, equipping your teams with easy-to-use tools to defend against rapidly evolving cyber threats.
R-Scope® puts networks under a microscope so that customers can respond to both known and zero-day attacks before they become crises.
R-Scope is a sensor that enables real-time network visibility providing unprecedented levels of situational awareness at speeds up to 20 Gbps. Our turn-key, enterprise-ready appliance seamlessly integrates into IT operations equipping teams of all sizes with the easy-to-use tools required to defend against today’s and tomorrow’s cyber attacks.
Specifically, R-Scope provides deep network visibility, advanced situational awareness, and real-time security event detection by extracting cyber-relevant data from network traffic. R-Scope leverages the richness of the Bro open-source analytics language, is architected to connect to major SIEM systems, and incorporates the most advanced threat intelligence technologies available. R-Scope is commercially available in compact, ready-to-deploy packages that fit into your environment.
Reservoir Labs Professional services are delivered by industry experts who are focused on providing only the highest quality training and services to your organization. Please contact us to learn more about each offering and to obtain quotes.
R-Scope System Administration (1 day)
Analyzing Metadata with R-Scope (1 day)
Bro-Basics (½ Day – Webinar)
How to write Broscript (1-Day, with Lab)
Advanced Broscripting (2 Days, with Lab)
Security Architecture Integration
Custom Protocol Analyzer Development
Bro Powered, Enterprise Ready
Leverage the power of Bro in your enterprise with R-Scope Appliances. R-Scope is more than Bro-in-a-box; we add value above and below the Bro engine. Our R-Scope acceleration layer includes patent pending technology to accelerate packet ingest into Bro, while the R-Scope
Manageability Layer wraps the whole system in a seamless command-line environment to streamline management for over-burdened admins and assist busy analysts with productive development workflows.
Hardened for the Enterprise
We start with hardware purpose-built for network monitoring, and then go to extreme lengths to provide a device that is secure to run and easy to administer. Starting from a minimal Linux environment running encrypted file systems, we secure the appliance from BIOS, to OS, to application. R‑Scope is enhanced to support multiple users with multiple security roles to map to the different operational functions within an enterprise. Additionally, we provide a secure update mechanism for both internet-connected devices as well as locked down, restricted access machines.
Streamlined Development Environment
Working with researchers and practitioners, we have developed a streamlined, on-box, development environment to allow production and development Bro instances to run side-by-side. Users can write
applications in our development sandbox, and use PCAP traffic to test. When ready for deployment, the application is released into the production environment. The environment synchronization is
handled by a simple Git repository. Our goal is to keep your production sensor up and running while allowing your analysts to remain productive in development.
R-Scope partners with FireEye, Splunk, ArcSight, Gigamon, Sqrrl, Hewlett Packard Enterprise, ThreatQ, Solarflare, Packetsled, Arista and many other market leaders to support your integration needs.
Avoid Integration Headaches
We make getting data into and out of the appliance as simple as possible by natively supporting the tools you already know and love. To get data into the box, use your existing Arista™ switch, or Gigamon™ packet broker. To export data, use the built in syslog or scp capability, and then visualize your data by simply connecting R-Scope to your Splunk™ instance or ArcSight™ installation. Download our Splunk app at: https://apps.splunk.com/app/1722/ to see more.
Deploy for the Long Term
R-Scope is available in a compact and efficient 1U form factor that can scale to 100’s of Gbps with cost-effective, space-and-power efficient clusters. Enterprises can choose R-Scope to fit their needs and adopt a platform for network security monitoring that truly scales.
Product detail and use cases
R-Scope fills a void left by other Cyber Security products by offering a smarter, richer, and more complete view into your network. With today’s threat landscape, traditional signature-based protection is not enough; we must assume some threat actors will penetrate the perimeter and lurk in the network for weeks or months hunting for your most valuable assets. R-Scope enables the identifcation of sophisticated attack behaviors by today’s (and tomorrow’s) hackers with a real-time focus on what’s happening right now, in and around your network. By extracting relevant cyber security data from network traffic, R-Scope empowers analysts to react to known and zero-day attacks before damage is done.
R-Scope® puts networks under a microscope so that customers can respond to both known and zero-day attacks before they become crises. R-Scope is a sensor that enables real-time network visibility providing unprecedented levels of situational awareness at speeds up to 100 Gbps.
Created each year for the SuperComputing conference, SCinet brings to life a very high-capacity network that supports the revolutionary applications and experiments that are a hallmark of the SC conference. SCinet is made up of a diverse group of technology-leading organizations from all over the world that work together to become the backbone of SC’s highly sophisticated, high performance network. Reservoir Labs and Gigamon are a proud part of this group.
Reservoir Labs’ new ENSIGN for Cyber solution brief from RSA 2017.
Reservoir Labs and Deloitte’s tech talk at BroCon 2016
Reservoir Labs and Splunk have worked together to create a solution that multiplies the effectiveness of cyber alerts and investigations with seamless CIM integration. This solution was presented at SplunkLive!
Reservoir Labs and FireEye have partnered to deliver a solution that provides your security team with high fidelity alerts and introduces new ways of analyzing and cross-referencing your existing logs. Identify and remediate threats faster by combining R-Scope’s rich metadata with FireEye’s Threat Analytics Platform.
Reservoir Labs and Gigamon have collaborated to offer customers one of the most flexible IDS deployment options coupled with robust performance. The combination of Reservoir Labs R-Scope and the Gigamon Visibility Fabric™ architecture ensures traffic is analyzed and threats are detected in real time.
Reservoir Labs / Gigamon Joint Solution to the challenge of Security Operations presented at RSA 2016
Reservoir Labs / Packetsled presentation from RSA 2016 about Alert verification in Enterprise level Bro
Reservoir Labs / Sqrrl presentation from RSA 2016 covering threat hunting with Bro
Reservoir Labs / ThreatQ presentation from RSA 2016
Presentation from RSA 2016 about Splunk integration with R-Scope
Presentation for RSA 2016 about Sqrrl and R-Scope integration