Signature Generation

  • Sophisticated signature engine conducts forensic analysis and generates signatures in real time
  • Instruction-level attack data and patterns stored in high-performance relational database
  • Provides insight into “the anatomy of a hack”
  • Support for signature formats compatible with all major vendors, including:
    • Cisco IDS/IPS 4200 Series
    • Juniper Networks IDP
    • Sourcefire Defense Center
    • Enterasys Dragon
    • Symantec Security 7100
    • Nokia IP290, IP390, IP690
    • Snort IDS
    • Foundry SecureIron
    • Generic XML

Signature generation occurs on the IQCerebrum, a dedicated processing module that communicates with IQCortex blades over a private network interface. Scouring data captured by Sentinel, the IQCerebrum simultaneously sends all activity to a high-performance relational database and conducts forensic analysis.

Using advanced pattern-matching techniques and artificial intelligence, IQCerebrum both identifies and learns from attack activity, generating attack signatures in real time. These signatures are then used to populate a database that administrators have ready access to via our powerful interface, NeuralUI.

Suspicious shellcode, for example, is sandboxed on IQCerebrum to determine its composition, function, and aim. The deep forensic insight provided by the signature generation engine allows administrators to configure sophisticated alert policies and to define precisely the conditions under which the engine notifies them of suspicious code or events.

As a result, the honeynet can easily be made context-specific, greatly increasing its efficiency in specialized environments. Detailed signatures are generated on very short timescales and can be automatically formatted for compatibility with existing IDS/IPS solutions.
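To make the final step concrete, the following is an added illustration (not Sentinel or IQCerebrum code) of how one captured byte pattern can be rendered in two of the target formats listed above: a Snort rule and a generic XML record. The sample payload, the field names, the XML layout and the `sid` value are constructed assumptions; the only vendor-specific fact relied on is Snort's `content:` syntax, where non-printable or special bytes are written as hex inside `|...|`.

```python
"""Added illustration: emit one captured pattern as a Snort rule and as generic XML.
Example code written for this page, not the product's own; all sample data is constructed."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass


@dataclass
class CapturedPattern:
    """One pattern pulled from captured attack traffic (constructed, hypothetical record)."""
    name: str       # short human-readable label
    proto: str      # "tcp" or "udp"
    dst_port: int   # service port the activity was aimed at
    payload: bytes  # bytes observed in the attack stream
    sid: int        # rule id; 1,000,000+ is Snort's range for locally written rules


def _snort_content(payload: bytes) -> str:
    """Render bytes as a Snort content string. Printable ASCII is emitted literally;
    anything non-printable, or one of the characters Snort treats specially inside
    content ( | " ; \\ ), is grouped into a hex run written as |XX XX ...|."""
    out, hexrun = [], []

    def flush():
        if hexrun:
            out.append("|" + " ".join(f"{b:02X}" for b in hexrun) + "|")
            hexrun.clear()

    for b in payload:
        if 0x20 <= b < 0x7F and chr(b) not in '|";\\':
            flush()
            out.append(chr(b))
        else:
            hexrun.append(b)
    flush()
    return "".join(out)


def to_snort(p: CapturedPattern) -> str:
    """Single alert rule matching the captured pattern on traffic inbound to the port."""
    return (f"alert {p.proto} any any -> $HOME_NET {p.dst_port} "
            f'(msg:"{p.name}"; content:"{_snort_content(p.payload)}"; '
            f"sid:{p.sid}; rev:1;)")


def to_xml(p: CapturedPattern) -> str:
    """Vendor-neutral XML record; the schema is an assumption made for this example."""
    root = ET.Element("signature", id=str(p.sid), name=p.name)
    ET.SubElement(root, "protocol").text = p.proto
    ET.SubElement(root, "dst_port").text = str(p.dst_port)
    ET.SubElement(root, "pattern", encoding="hex").text = p.payload.hex()
    return ET.tostring(root, encoding="unicode")


# Constructed sample: a request prefix followed by a few NOP bytes and characters
# that must be hex-escaped in Snort content. Not real captured traffic.
SAMPLE = CapturedPattern(
    name="constructed-pattern-1",
    proto="tcp",
    dst_port=8080,
    payload=b"GET /\x90\x90\x90" + b'"x|y',
    sid=1000001,
)

if __name__ == "__main__":
    print(to_snort(SAMPLE))
    print(to_xml(SAMPLE))
```

The same `CapturedPattern` feeds both emitters, which is the point of keeping the stored pattern format-agnostic: adding another vendor format means adding one more renderer, not re-analysing the capture.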