Cost Effective, Scalable Packet Capture and Cyber Analytics Cluster for Low Bandwidth Enterprise Customers

Similar documents
Visualization is pre-installed using open industry-standard data file formats: PCAP & IPFIX records open in WireShark. Log searches open as CSV files

SentryWire Next generation packet capture and network security.

SentryWire Next generation packet capture and network security.

Compare Security Analytics Solutions

ALERT LOGIC LOG MANAGER & LOG REVIEW

CNIT 121: Computer Forensics. 9 Network Evidence

Enhanced Threat Detection, Investigation, and Response

Increase Threat Detection & Incident Response

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Security Analytics Appliances

BIG MON CONTROLLERS BIG MON ANALYTICS NODE. Multi-Terabytes L2-GRE 1/10/25/40/100G ETHERNET SWITCH FABRIC. Optional BIG MON BIG MON SERVICE NODES

Secure, cloud-based workflow, alert, and notification platform built on top of Amazon Web Services (AWS)

Security Platform. Security. Availability. Manageability. Scalability.

Optimize and Accelerate Your Mission- Critical Applications across the WAN

Alliance Key Manager A Solution Brief for Partners & Integrators

Secure, scalable storage made simple. OEM Storage Portfolio

RSA INCIDENT RESPONSE SERVICES

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

WHITE PAPER: BEST PRACTICES. Sizing and Scalability Recommendations for Symantec Endpoint Protection. Symantec Enterprise Security Solutions Group

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Forescout. Configuration Guide. Version 3.5

CYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta

Visual TruView Unified Network and Application Performance Management Focused on the Experience of the End User

Accelerating Hadoop Applications with the MapR Distribution Using Flash Storage and High-Speed Ethernet

by Cisco Intercloud Fabric and the Cisco

Datasheet: Network Time Machine Portable Series - Plug and Play Network Forensic Analysis for Real Time Visibility

Monitoring and Troubleshooting Smaller Office Networks with Savvius Insight

RSA INCIDENT RESPONSE SERVICES

WHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION. A Novetta Cyber Analytics Brief

SEVONE DATA APPLIANCE FOR EUE

Seceon s Open Threat Management software

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

IBM Proventia Network Anomaly Detection System

Flexible and scalable five enterprise-grade Smart-1 dedicated management appliances. Full Threat Visibility

Vectra Cognito. Brochure HIGHLIGHTS. Security analyst in software

UX - User Experience: Multi-Cloud Network Visibility

Alliance Key Manager A Solution Brief for Technical Implementers

As for the requirement of having a USB 3.0 port, you will come to know the reason in the next section.

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

OCULARIS v 4.0. Feature Set Comparison. Ocularis PS Ocularis IS Ocularis CS Ocularis LS Ocularis ES

McAfee Network Security Platform 9.2

Security Information & Event Management (SIEM)

Snort: The World s Most Widely Deployed IPS Technology

Dell EMC Surveillance for IndigoVision Body-Worn Cameras

SOLUTION BRIEF NETWORK OPERATIONS AND ANALYTICS. How Can I Predict Network Behavior to Provide for an Exceptional Customer Experience?

Monitoring and Threat Detection

SIEMLESS THREAT MANAGEMENT

Table 1 The Elastic Stack use cases Use case Industry or vertical market Operational log analytics: Gain real-time operational insight, reduce Mean Ti

New Generation SIEM. Solution Development

Oracle Communications Operations Monitor

powered by Cloudian and Veritas

The Why, What, and How of Cisco Tetration

SIEM Solutions from McAfee

Observer Probe Family

The Bro Cluster The Bro Cluster

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

The Cognito automated threat detection and response platform

Features. HDX WAN optimization. QoS

FIPS Management. FIPS Management Overview. Configuration Changes in FIPS Mode

Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions

Network Intrusion Analysis (Hands on)

ForeScout ControlFabric TM Architecture

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

SECURE CLOUD BACKUP AND RECOVERY

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

IT Services IT LOGGING POLICY

Subscriber Data Correlation

Cyber Security at large scale

McAfee Virtual Network Security Platform

CYBER ANALYTICS. An Advanced Network- Traffic Analytics Solution

Security

Observer GigaStor. Post-event analysis and network security forensics

Cognito Detect is the most powerful way to find and stop cyberattackers in real time

ExtremeWireless WiNG NX 9500

Imperva Incapsula Website Security

Traditional Security Solutions Have Reached Their Limit

RSA IT Security Risk Management

Mothra: A Large-Scale Data Processing Platform for Network Security Analysis

Virtualized Network Services SDN solution for enterprises

Novetta Cyber Analytics

Real-time Monitoring, Inventory and Change Tracking for. Track. Report. RESOLVE!

DATA PROTECTION FOR THE CLOUD

Title DC Automation: It s a MARVEL!

TALK. agalaxy FOR THUNDER TPS REAL-TIME GLOBAL DDOS DEFENSE MANAGEMENT WITH A10 DATA SHEET DDOS DEFENSE MONITORING AND MANAGEMENT

Pulseway Security White Paper

Ethical Hacker Foundation and Security Analysts Course Semester 2

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

DATA SHEET RSA NETWITNESS PLATFORM PERVASIVE VISIBILITY. ACTIONABLE INSIGHTS.

McAfee Endpoint Threat Defense and Response Family

SIEM: Five Requirements that Solve the Bigger Business Issues

Technical Brochure F-SECURE THREAT SHIELD

Empower stakeholders with single-pane visibility and insights Enrich firewall security data

50+ Incident Response Preparedness Checklist Items.

McAfee Network Security Platform 8.3

McAfee Security Management Center

The Future of Threat Prevention

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

Notes: Describe the architecture of your product. Please provide also which Database technology is used for case management and evidence management.

Transforming IT: From Silos To Services

Transcription:

Cost Effective, Scalable Packet Capture and Cyber Analytics Cluster for Low Bandwidth Enterprise Customers The Enterprise Lite Packet Capture Cluster Platform is a complete solution based on NextComputing s unique Packet Continuum capture and storage architecture. The system platform is a Dell-based, 2U rackmount, which offers high-speed packet recording with real-time analytics and visualization. With optional 2U cluster nodes, packet processing may be distributed to a cluster network of rackmount nodes with massive high-speed storage. This system is designed for applications that demand high-speed data recording and extensive storage, such as cyber forensics, cyber security, and big data analytics. Features include: Lossless packet capture, with deterministic performance, up to 2Gbps aggregate capture rate Extended forensic timeline and storage features, starting with 40TB physical storage in a stand-alone capture node, up to max amplified storage 400TB in a cluster system Log Manager: HTTP, files, DNS, email, user agents, TLS/SSL Actionable search of all logs, cross-correlated with PCAP & IPFIX Active Triggers: real-time, dynamic, user-defined Open data access: view PCAPs & IPFIX records in Wireshark, view log data as CSV Open PCAP workflows: playback output to any 3rd party forensic capture tool Open remote access: web GUI and RESTful interface Scalable, lightweight, MapReduce cluster architecture Lossless capture to 2Gbps 1-2 capture interfaces (1G) 100 Active Triggers 2U capture node 40TB physical capture store Scalable to 4 cluster nodes Scalable to 4 Petabytes amplified capture store Simultaneous search Federated search Very fast query response Streaming PCAP playback to 3rd party tools Page 1 of 6 Rev 1.1 2/17

Find Critical Event Information FAST! Fast, Streamed Query Results: Every query has the option to return PCAP files, IPFIX records, and/or any log files. Especially valuable for PCAP queries, all results are streamed in chunks, allowing partial results to be analyzed while the remaining query is completed, the first of which appear almost immediately after the query initiates. Lossless Packet Capture & Log Manager, With Deterministic Performance Packet Continuum provides a performance guarantee of sustained lossless capture rate, for a set of real-time packet analytics (Log Manager) functions, and a specified number of Packet Continuum cluster nodes. This means a deterministic guarantee to capture every packet under real world conditions, not just a best effort attempt. Real-time indexing, for efficient query and retrieval of retrospective PCAP data or IPFIX records Log Manager advanced packet analytics options include real-time event logging & cross-correlation: Logs for HTTP, files, DNS, email, user agents, TLS/ SSL Active Triggers (BPF signature) Snort rules (emerging-dns, emerging-ftp, and files) System events Log Manager search actions: All logs are time-correlated with PCAPs, IPFIX data Text string search of logs IPFIX flow record logging and search One-Click searches directly from Sankey Relationship Diagrams, Time Graph or Critical Alerts Log. Historical look-back queries based on standard Berkeley Packet Filter (BPF) within a time period. Users can setup multiple BPF-based Active Trigger look-forward alerts, BPF-based and user-defined, will generate alerts whenever the target condition occurs. Dozens can be active simultaneously. Pre-capture filters, also BPF-based, can be changed onthe-fly during capture operations. All historical logs are searchable by text string Cluster systems may be globally federated for unified search/retrieval, or locally aggregated for lossless capture in excess of 100+Gbps. Page 2 of 6 Rev 1.1 2/17

For End Users This Open PCAP Infrastructure has multiple use cases across the enterprise: SOC & Cyber Security teams need access to PCAPs for Incident Response (IR) investigations. IT/Operations needs fast IR access regarding uptime and performance problems. Compliance, Audit and Legal teams increasingly have their own IR requirements for the same ground truth for critical network events. Streaming Playback Feature PCAPs that have been searched/filtered/extracted with the Packet Continuum UI may be regenerated out a 1G copper RJ45 interface to an external device. Open Data Access Open file formats and data viewers: standard PCAP- NG file and IPFIX record extractions are viewable in Wireshark or TShark. All log files and alerts are viewable as CSV or text files in any compatible application such as MSFT Office. Real-time Log Manager / Data Recorder Packet Continuum is a lossless, time-based data recorder of PCAP files, IPIX flow records, Log files and Alerts. All data is searchable, with actionable correlations. All data is accessible via an open REST/API. For OEMs You can further differentiate yourself with the Packet Continuum through private label branding, customer-specific features, and application integration, as well as additional OEM appliance services offered by NextComputing. We can help you productize your innovation with first to market advantage for a specific service solution or product appliance. Page 3 of 6 Rev 1.1 2/17

PACKET CONTINUUM ENTERPRISE LITE SYSTEM SPECS Capture Interface Options Capture Rate Time Stamp Pre-Capture Filter Active Triggers Management Interface Playback Interface Encryption Device Control 1 x 1G interface 2 x 1G interfaces Up to 2Gbps aggregate lossless capture rate with or without Log Manager enabled Additional cluster nodes increase: capture rate, forensics timeline, and/or advanced packet analytics 150 nanoseconds BPF (dynamically adjustable) BPF (100 simultaneous) 1G RJ-45 LAN port, to an external host for Web GUI and REST/API. Automation via REST API and shell scripts to assist with automated workflows. PCAP Streaming / Playback Interface: Playback of filtered packets from historical searches via 1G RJ-45 LAN port, to an external traffic/pcap analyzer Optional AES256 encryption on OS/application and data arrays. Note: Capture Store capacity reduced by 20%, per each Capture Node and/or Cluster Node IPMI Interface Operating System CentOS 6.8 or RedHat 6.8 Forensic Timeline - Capture Node Forensic Timeline - Cluster Node Forensic Timeline - Max System Capacity Support Physical OEM Services PCAP storage of 40TB physical, up to 400TB with amplification PCAP storage of 100TB physical, up to 1PB with amplification Up to 4 cluster nodes, for total PCAP storage of 440TB physical, up to 4.4PB with amplification Global hardware support direct from the enterprise-grade computer vendor, with software support from NextComputing Capture Node: 2U rackmount, 26.92 (683.77mm) depth Cluster Node: 2U rackmount, 26.92 (683.77mm) depth Front bezel branding, soft bag branding, GUI branding, and customization services Packet Continuum RESTful interface for network-based laptop or remote client access OEM/solution provider-specific analytics, visualization and cyber solutions Other OEM/solution provider services available to help you create your cyber appliance solution 4 Townsend West, Building 17, Nashua, NH 03063 Phone: 1 (603) 886-3874 Fax: 1 (603) 886-1736 www.nextcomputing.com sales@nextcomputing.com This document is for informational purposes only. Updates and changes can occur without notice. All logos, trademarks, and service marks are the property of their respective owners. Copyright NextComputing all rights reserved. Page 4 of 6 Rev 1.1 2/17

CAPTURE, INDEXING, AND SEARCH EXTRACTION Page 5 of 6 Rev 1.1 2/17

CAPTURE, INDEXING, AND DISTRIBUTED SEARCH EXTRACTION Page 6 of 6 Rev 1.1 2/17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback