INTRUSION Savant

INTRUSION Savant™ v 16.1

INTRUSION Savant was created to overcome the limitations of earlier network monitoring tools on the market in order to capture, log, analyze and retain 100% of the behavioral history of all network connections. As network throughput rates increased by orders of magnitude and adversaries devised new ways of hiding their covert traffic, we found in the late 1990s that we needed to invent novel ways of performing network traffic analysis at scale.

In development for over 20 years, INTRUSION Savant is a multi-protocol network decoder and analyzer that uses three original patents to capture, analyze and store bidirectional traffic at 20 Gbps.

Savant features a rich GUI that allows researchers to customize capture tasks and visualize captured data to perform extensive research and analysis. There have been 16 releases of Savant, and the Savant code is at the core of the INTRUSION Shield™ appliance, with the most recent being named Shield v17.2. The Savant code base contains more than one million lines of code, and the Shield appliance further enhances Savant capabilities but contains less than 5% new code.

INTRUSION Shield™ is a managed security platform that leverages Savant technology to automate the active killing of dangerous connections based on AI technology. INTRUSION Savant™, by contrast, remains positioned as a network reconnaissance and attack analysis tool for forensic analysts in the DoD and Federal Government and in security-aware corporations. Looking forward, INTRUSION Shield customers will have an option to bring all of the INTRUSION Savant real-time visibility, analysis, reporting, and forensic retention capabilities to their networks in addition to the enhanced network traffic protection offered by Shield. The principal uniqueness of Savant is its ability to decode all packets, all protocols, and all fields in each protocol in real time, and to perform graph analytics in real time on all traffic.

Using key patents, Savant and Shield are able to record every packet in real time and efficiently retain multiple years of metadata history. This allows security experts to look backward in time across all events to trace the origin of events on the network, as well as to perform network discovery and real-time analysis. The INTRUSION Savant appliance is licensed separately from the INTRUSION Shield service, and although the Shield appliance contains all of the Savant engine code, it does not expose the customizability of capture tasks and the enhanced analytic interfaces contained in the Savant GUI.