Threat Assessment

Detect and analyze malware traffic in your network captures

Bad things happen.

Use CloudShark to quickly get to the root cause of every security alert so you can protect your network from the next generation of evil.

What's lurking in your network?

Cyber attacks today are bigger, faster, and happening more frequently than ever.

Intrusion detection system alerts are only the beginning of the story.

CloudShark Threat Assessment quickly takes you from the network alert all the way down to the individual packets, so you can determine the root cause and protect your network.

Sign up for a hosted account or contact us about CloudShark Enterprise and bring the power of CloudShark Threat Assessment to your team.

Make sure you have all the tools necessary to protect your network

Alerting and reporting are an integral part of your real-time intrusion detection tools. However, for post mortem analysis, reporting, and auditing, nothing is better than having the actual packets at your fingertips.

Armed with the network capture of the event, use CloudShark to perform post-incident analysis on individual packets. Threat Vectors show you where, when, and how the attack unfolded.

Go from SIEM alert to root cause all in one web-based tool, then share your analysis quickly and easily across teams and departments. Use CloudShark Threat Assessment to test and improve incident response protocols for the next attack.

See all the action with Threat Vectors

CloudShark's Protocol Ladder Diagrams offer a whole new approach to threat analysis

It's more than just a name

While many tools simply give a high-level overview of attacks and violations, there’s much more to learn with a little... direction.

CloudShark's ladder diagrams are applied to security alerts to give you threat vectors that let you see the structure and timeline of a compromise or attack. See when it happened, where it came from, who was the target, and how they behave.

Drill all the way down to the packets

The truth is in the packets. CloudShark makes it easy to drill down from a high-level alert all the way through the HTTP stream and even to the individual packet that triggered it.

Find root cause faster by sharing your analysis

CloudShark lets you easily collaborate with anyone to get to the bottom of an attack or anomaly. View a stream, filter out the offending packets, and share exactly what you’re looking at with colleagues and experts.

It even pulls reference links out of alerts for you to continue your malware research.

Perfectly Integrated into CloudShark

Threat Assessment is built right into CloudShark just like all of our other analysis tools. Once you upload a PCAP file, open it and choose Threat Assessment from the Analysis Tools menu. You'll get a high-level summary in seconds. And, because it's CloudShark, every view can be shared with your team simply by copying and pasting the URL. It's quick and secure.

Threat Assessment Statistics

An easy-to-understand, high-level summary for everybody.

So just how bad is it?

CloudShark tells you how much of a bad thing you have going on, and helps you drill down to exactly the hosts and packets that are involved in each alert.

Who was exposed, and when?

Identify and document Indicators of Compromise from capture files while you are investigating an incident. Malware signatures, binaries, and other assets are all easily identified within CloudShark.

Is it still happening?

With CloudShark managing all your important capture files, you can quickly jump between events and dates to compare traces, making sure that malware or a virus has been cleaned up completely.

Start at a high level and work your way down

When there's something strange going on, it helps to see it right up front. See how much malicious activity there is in your capture, and how bad it is, at a glance.

Go straight to the source

Bad actors can come from inside or outside your network. CloudShark breaks it down by both source and destination endpoints, letting you see who is involved so you can take the appropriate action.


Security analysis available wherever you are.

CloudShark is entirely web-based and doesn't require any client-side software other than a web browser, so you can access your packet captures and perform threat analysis from anywhere, on any device.

About Us

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.
