Network Traffic Analysis to secure your IT operations

GreyCortex Mendel


  • Provides round-the-clock security monitoring
  • Gives you powerful rapid detection & response capabilities
  • Take advantage of the solution’s powerful detection capabilities
  • Lets you gain a deep visibility into the internal network
  • Powerful and easy to use

GREYCORTEX MENDEL, a Network Traffic Analysis tool, helps enterprise, government and critical infrastructure users make their IT operations secure and reliable through advanced artificial intelligence, machine learning, and big data analysis.


Identify threats before damage happens

Using advanced artificial intelligence methods, MENDEL goes beyond known threats to detect and identify symptoms of malicious behavior at the atomic level. Threats are identified in their early stages, decreasing incident response time, preventing further damage and reducing overall risk.

Easy to use

The web user interface presents comprehensive information about network traffic. This includes: management overviews; data about communications of the network, subnetworks, users and applications; and details concerning individual flows and their content.

Identifying threats in IoT devices

MENDEL monitors a rich set of network flow data in IoT devices, and is able to identify not only traffic in and out of the network but also communication flows between devices within the network. MENDEL can detect these anomalies:

  • Communication flows between devices
  • Additional anomalous devices
  • Excessive communication from one device to another
  • Communication from one device to a host outside the network
  • Periodic communication of the type common in advanced persistent threats

More capabilities than NetFlow

MENDEL Analyst collects several times more information on network traffic than NetFlow, IPFIX or similar protocols. We enhance these protocols with security parameters and performance information. Examples of these additional security parameters include frequency, spectral and traffic content features which allow us to provide even more sensitive behavioral detection.




Flow-based and packet-based technology

Instead of relying on older and limited SNMP polling, MENDEL leverages flow-based and content-based monitoring. Flow-based monitoring provides near real-time (1-minute intervals) visibility into network statistics and other detailed issues. Deep content inspection (DCI) extends this information with real-time comprehensive contextual metadata (user identity, applications, etc.)

Application monitoring and more

MENDEL Analyst constantly monitors communication of users and network applications of all ports and on TCP, UDP, ICMP and many other protocols. This enables monitoring of current and average bandwidth, response times, transit times, delay, jitter, ports in use, connection peers and more.

Detection methods

  • Signature based detection
  • Deep packet inspection
  • Network behavior analysis
  • Specialized algorithms
  • Network performance monitoring
  • Application performance monitoring

Powerful forensics

MENDEL Analyst generates metadata of network communication providing full contextual awareness – for example, destination and source, user's identity and application protocol. Unlike technologies based on full packet capture, it allows the metadata on network traffic to be stored for a much longer time with low demands on storage capacity. 

Product gallery

Related information

Read the GREYCORTEX MENDEL product overview for more information on:

  • How the solution works
  • Detection methods
  • Traffic processing and analysis
  • Outputs and Inputs
  • Appliance