Bricata

Bricata is a Network Detection and Response (NDR) platform for enterprise security teams that combines Deep Packet Inspection (DPI), intrusion detection, and network forensics for monitoring and investigating network traffic.

  • NDR platform for east-west and north-south traffic visibility.
  • Intrusion detection and prevention capabilities using signature-based and behavioral analysis (network security).
  • Full-packet capture and network forensics for incident investigation and threat hunting (security analytics).
  • Integration with existing Security Operations (SecOps) tools and workflows, including Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platforms.
  • Appliance and virtual deployment models for on-premises (on-prem), data center, and hybrid network environments.

More About Bricata

Bricata provides NDR capabilities for enterprises that require detailed inspection of network traffic across distributed environments. SecOps teams deploy Bricata sensors at strategic network junctions to observe both north-south traffic between internal networks and the internet, and east-west traffic between internal segments. The platform is used to detect threats, support incident response, and maintain visibility into network activity.

The platform combines intrusion detection and prevention system (IDS/IPS) functions (network security) with full-packet capture and metadata extraction (security analytics). It relies on DPI and multiple detection engines, including signature-based rules and pattern matching, with support for widely used IDS rule formats and frameworks. Bricata also incorporates context from network metadata to help analysts understand session details, application protocols, and communication patterns, which can be used for threat hunting and retrospective analysis.

Bricata appliances and virtual sensors integrate into existing enterprise security architectures. Organizations can deploy the technology in data centers, campus networks, and branch locations, as well as in virtualized environments. The collected telemetry and alerts integrate with SIEM systems and SOAR tools to support centralized monitoring, triage, and automated workflows. This positioning places Bricata in the network security and security analytics categories for marketplace taxonomy.

Bricata’s network forensics functions provide storage of packet data and session records for later retrieval. Analysts can search and replay traffic associated with alerts or suspected incidents, use timelines of network events to reconstruct attack paths, and correlate detections with other telemetry sources. This model aligns with usage patterns in SecOps centers that depend on both real-time alerts and historical data for validation and Root Cause Analysis (RCA).

From a protocol and technology perspective, Bricata focuses on inspection of IP network traffic and common enterprise application protocols. Its architecture is compatible with standard network designs that use Switched Port Analyzer (SPAN) ports, TAPs, or packet brokers to feed traffic to out-of-band monitoring tools. This allows it to coexist with firewalls, Endpoint Detection and Response (EDR) tools, and other security products, and to function as a dedicated NDR and network forensics layer within broader defense-in-depth strategies.

At-A-Glance

  • Employees: 45
  • Estimated Annual Revenue: $1M-$10M

Connect

Corporate Headquarters

5520 Research Park Drive
1350
Catonsville, MD 21228

Market Segmentation

  • Type: Private
  • Sector: Information Technology
  • Group: Software & Services
  • Industry: Internet Software & Services
  • Sub-Industry: Internet Software & Services