Sycope is a network performance monitoring tool using real-time flow analysis, enriched with business context to help businesses assess performance and protect IT infrastructure. It records, processes, and analyses all parameters contained in flows, enhanced by SNMP, geolocation and security feeds. With Sycope you can diagnose network issues, including network connection settings and bottlenecks.
The security feature of Sycope is designed based on the MITRE ATT&CK methodology. Rules and security incident detection mechanisms make it possible to detect attacks and undesirable activities on the network.

Sycope allows you to monitor many areas of IT infrastructure, implemented by 3 modules included in the solution:

• Visibility - The Visibility module provides full insight into the operation of the IT network, thanks to which IT managers and network admins can quickly make decisions about resource allocation and actions to protect against unplanned downtime related to IT infrastructure failures.
• Performance - The Performance module is focused on L4-L7 monitoring, from TCP analytics to L7 app detection and application response times measurements. The module allows for quick triage of potential issues.
• Security - The Security feature allows users to detect and analyse security anomalies and threats in the context of the entire organisation. It provides support in processes such as Network Forensics, incidents and threats detection. All of this is based on the MITRE ATT@CK framework to allow security teams to easily understand detected events.

What distinguishes Sycope from other IT infrastructure monitoring solutions:

• Out-of-the-box operation - Sycope offers unique customisation capabilities, but always comes with multiple dashboards for visibility, performance and security.
• Big Data style analytics and search - quickly filter any data, from any source, by any field, using any value and for any dashboard
• Customised dashboards and visualisation - using the simple or advanced mode, you can create any dashboard, with exactly the same API and capabilities as the Sycope team did.
• Data deduplication - Sycope deduplicates data to always provide real and correct information, regardless of IT architecture and filters applied.
• Easy top-down access – with just a single click the drill-down mechanisms enable you to view data for a specific port, interface or IP address.
• Threat detection, analysis & mitigation - Sycope consistently analyses the data to detect threats in your network and help you resolve security issues.
• MITRE ATT&CK framework - mapping events into the MITRE ATT&CK framework shows the stage of the attack and describes the impact on the infrastructure.
• NOC & SOC dedicated scenarios - see the big picture! All important information on a single screen to help identify the issues faster and easier.

Key features:

Flexible engine

High performance data collection, multiple flow protocol support, embedded deduplication 2.0, discovery mode for non-standard
data, allows easy development and new support for non-flow data sources.

NQL

Own query language tailored for monitoring system use cases, provides high performance for obtaining accurate data, allows for creation and calculation of any new metrics (including by the user).

API

Allows you to integrate our system with your own solutions (e.g. the Servicedesk system), as well as to create additional or custom dashboards.

3rd party integration

Utilise our API, multi-protocol notifications and embedded integration with NAC.

Out-of-the-box workflows

Selection of ready to use workflows for multiple use cases, dedicated for NOC/SOC teams, network/security forensic and business reporting.

L7 Probe

No application will remain hidden anymore. L7 app detection and application response times measurements.

More information about Sycope is available at www.sycope.com