Red Hand Versions

Red Hand comes in Lite and Pro versions.

  • Red Hand Lite is designed for smaller organizations without a dedicated security team or for those that only intend to use the service for regular, cursory threat checks.
  • Red Hand Pro is designed for users who are serious about their cyber defense, providing continuous (24/7) monitoring of network data and integration with other security technologies within the organization.

Detailed Comparison:

Features

  • Analyze raw network recordings
  • Analyze network flow logs
  • Real-time email alerts
  • Behavioral profiles
  • Send alerts to a SOC/SIEM
  • TAP/Packet Broker/Packet Mirroring support
  • Daily data size limit
  • Data retention
  • Free Trial
  • Pricing

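Red Hand LITE

  • Daily data size limit: 10 GB
  • Data retention: 30 Days
  • Free Trial: 14 Days
  • Pricing: $300 per Month

Red Hand PRO

  • Daily data size limit: Unlimited
  • Data retention: 90 Days
  • Free Trial: 14 Days
  • Pricing: Cost per GB, or per Endpoint

Feature Details:
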
Analyze raw network recordings

Analyze raw network recordings to identify suspicious cyber activity by examining packet capture files (.pcap and .pcapng extensions). Packet capture files provide detailed snapshots of network traffic, capturing the data packets transmitted across the network. By examining these files, it's possible to inspect specific network interactions, detect anomalies or malicious behavior, and gain insights into the nature of the traffic. Here's how you can create .pcap and .pcapng files on Windows, Linux and Mac.

Analyze network flow logs

Analyze NetFlow files to gain insights into network traffic patterns. NetFlow is a widely used network protocol that collects metadata about IP traffic flowing across network devices such as routers, switches, and hosts. This metadata provides valuable information about the source, destination, volume, and nature of traffic, enabling a deeper understanding of network behavior. For organizations utilizing Virtual Private Cloud (VPC) services like Amazon Web Services (AWS), Google Cloud, or Microsoft Azure, NetFlow is natively supported.

Note: There are some limitations when using NetFlow logs to analyze network activity instead of raw network packets, primarily because NetFlow was not designed with cybersecurity in mind. The absence of packet capture data, the fact that NetFlow works only between layers 3 and 4, and the overall noisiness of the data impose limitations when trying to effectively detect hackers on a network using NetFlow.

Real-time email alerts

Receive an email notification as soon as suspicious activity is detected. This immediate alert system ensures that you are promptly informed of any potential security threats, allowing for quick response and investigation. By setting up email notifications, you can stay updated on critical incidents in real-time, facilitating a proactive approach to managing security events. This feature helps ensure that important security alerts are not missed, enabling timely action to mitigate risks and safeguard your network.

Behavioral profiles

Behavioral profiles enhance detection accuracy by providing the engine with essential context to better determine whether an activity is truly suspicious or merely part of normal operations. This information can include the roles specific endpoints play within the organization, or even a predefined list of clients and servers they are allowed to communicate with. Since this data is often unique to the organization and may not be automatically identifiable, we offer an intuitive interface that enables users to easily define these profiles themselves.

Send alerts to a SOC/SIEM

If an organization has a SIEM or SOC, alerts of suspicious activities can be sent directly to the SIEM for further investigation. This integration allows for centralized monitoring and analysis, enabling your security team to quickly correlate alerts with other data and streamline their response efforts.

TAP/Packet Broker/Packet Mirroring Support

By using an installable software agent, it is possible to analyze raw traffic in real-time directly from a network tap or a packet broker, which aggregates data from multiple network taps. This setup allows for comprehensive monitoring and analysis of network traffic across various points in the network, providing a deeper and more immediate understanding of network activity and potential threats.

Daily data size limit

The maximum amount of data you can analyze in a single day is measured in gigabytes (GB). Red Hand Lite has an upper limit of 10 GB per day. Red Hand Pro has no such size limit.

Data retention

The maximum amount of time source data is kept for forensic purposes.

Free Trial

You can try the service for free with no commitments for 14 days.


Pricing

Pricing for Red Hand Lite is based on the maximum size of the data analyzed daily. With a daily limit of 10 GB, the cost for this version is $300 per month. Pricing for Red Hand Pro is also based on the size of data analyzed, but it may include an additional cost for TAP/Packet Broker integration, which is determined on a per-endpoint basis.

Contact us to get a quote.
