Next generation packet capture and network security

Contents
The data landscape
The solution
What makes it different?
Use cases
The product range
Partner technologies
SentryCloud
Find out more

The data landscape

More data, more danger. Data proliferation brings many new opportunities but also many downsides: more data breaches, more sophisticated cyber attacks and more network management challenges. The business impact has never been greater; just ask Facebook, Equifax or Uber.

The Cambridge Analytica scandal reduced Facebook's market capitalization by $50bn in just 2 days. The Equifax data breach has already cost them $87.5 million, and more data breaches are being unearthed a year later. The final bill for Home Depot's breach is forecast to exceed $180m.

But data breaches don't just happen occasionally and at massive scale. By 2020, 60% of digital businesses are predicted to suffer major service failures because of the inability of IT security teams to manage digital risk. According to ITPRO, the average cost of a data breach is $3.6 million.

The need is simple: businesses need greater network visibility at an unprecedented scale. The problem is that network packet capture must be reinvented to enable it. Right now storage is too expensive, current capture rates and network searches are too slow, and packet capture cannot scale to the 100s of petabytes that deliver the extended timelines businesses need.

The platform is a next generation packet capture tool and network security platform that breaks the performance, scalability and expense barriers of existing frameworks. But any solution must also be mindful of the constantly changing cyber security dynamics and needs that businesses will increasingly seek to address in the coming years.

5 big cyber security trends for 2018
1. A move to technologies that overcome security skills gaps, and avoid outsourced services.
2. A change in focus from protection and prevention to rapid detection, response and remediation.
3. An increase in adopting hi-tech real-time change auditing solutions and analytics to secure assets.
4. Harnessing the potential of AI to chase yesterday's attacks and defend against AI-powered attacks.
5. Safeguarding business from the weak links in cyber security defense: the IoT and cloud.
The solution

The platform detects intrusions, minimizes damage caused by breaches and enables packet level analysis of any incident, for as little as 20% of the cost of other systems. It is a unique capture and storage architecture.

The Packet Capture Platform supports 1Mbps to 100Gbps capture rates, provides real-time filtering and allows weeks, months, even years of network traffic to be recorded, retained and analyzed. A Hadoop-like architecture scales out computation and storage to provide the industry's fastest search in packet stores of 100PBs. There is also high-speed, high-fidelity packet recording with real-time analytics, visualization and BPF-syntax filters. And the platform's NetFlow Analyzer provides real-time visibility into network bandwidth performance, traffic patterns, and user/application bandwidth utilization.

How it works
1. 100s of PBs of data compressed
2. Data is logged and indexed
3. Data continually analyzed
4. Real-time alerts
5. Constant availability

5 big benefits

Full packet capture: captures the full packet. Why? Because metadata won't produce a high-fidelity record of traffic, and without this a business cannot see the full picture of a breach.

Powerful and fast search: rapid detection and response is critical, but most searches are limited and slow. The platform searches petabytes of network traffic to detect attacks faster and accelerate recovery.

Fast capture speeds: slow network packet capture makes it almost impossible for your business to store and manage data proliferation, and things will only get worse. The platform can capture at the world's fastest speeds, up to 100Gbps.

Intrusion detection: limited deployment, high-level security information and predefined alert signatures can hamper IDS. The platform enables complete detection; its information base is deep and it can baseline behaviors.

Visualization and analytics: managing security skills gaps and limiting outsourced managed services are key. The platform doesn't need IT security specialists. Its dashboard can be used by many job roles and it can host a depth of analytics snap-ins.

[Figure: management dashboard; up to 100Gbps recorded in high fidelity]
What makes it different?

The answer is simple: every element of packet capture has been challenged and rethought. The platform genuinely is next generation packet capture and network security.

Today's packet capture solutions | The platform
Storage is too expensive. | Reduces cost of storing IP packets by as much as 80%.
Current capture rates too slow: < 4Gbps. | Supports the world's largest network speeds, to 100Gbps.
Search is limited and incredibly slow. | Real-time indexing and immediate access: in seconds.
Cannot share data between and among other vendor tools; limited filtering. | Industry standard PCAP data access service along with BPF and customizable filtering.
Not available in multiple form factors. | Same technology: laptops to enterprise environments.
Not scalable to 10s/1000s of PBs, or weeks, months and years of packets. | Scales from TBs to 100s of PBs with storage, search and analytics that can store and access years of packets.
Limited integration capability. | Integrates with existing security tools and existing analytics software, and is open architecture.
Requires IT security skills. | Usable by multiple job roles.
$1m per petabyte | $100,000 per petabyte*

* Terms and conditions apply

Use cases

The platform provides immense network throughput, limitless packet capture timelines, fast access to vast amounts of data, flexibility to use any analytics tools available and visibility into your enterprise. These defining characteristics are fueling many real-world use cases.

Incident response and malware detection
Network troubleshooting
Unlogged activity detection: in conjunction with enterprise log correlation tools, quickly detect and sessionize network activity that may have been removed.
Forensic traffic analysis: analyze captured data for suspicious traffic, alert the security practitioners to what they deem suspicious user behavior, sessionizing the suspicious network traffic in the UI.
Data exfiltration detection: log exfiltrated files with 5-Tuple indexing and hash details for comparing data, taking actions and retrieving sessionized PCAPs for forensics.
Phishing preparation detection: detect and log all URIs traversing the network, from targeted phishing emails to web traffic, and alert when internal traffic accesses those URIs.
Network access control analysis: receive real-time alerts of unauthorized network connectivity through 5-Tuple indexing and logging.
User anomalous behavior: identify employees using unapproved applications or violating policies, and provide situational awareness and alerts.
Malware infiltration detection: detect, classify and extract objects (files, URLs, IP addresses, etc.) in real time to inspect and take appropriate actions to enrich cyber investigations and generate alerts.
Indicators and signatures alerting: multi-level signature and behavior event session search and logging, with visualization through the DPI visualizer.
Behavior anomaly detection: detect anomalies from normal network traffic behavior and correlate to a 5-Tuple index for root cause review.
Encryption visibility: gain visibility into TLS/SSL encrypted sessions. Log and extract sessionized network traffic via timestamp, capture node and session information to recover the encrypted session, and view it in any packet viewer.

The extended timeline

On average it takes 146 days to detect a breach in your network. However, most companies only have the capability to store 4 days of packets. This leaves an average of 142 days of no visibility into what was happening on a network during and since the breach. The platform provides full visibility into your network, so you're not left in the dark as to how and when a breach has occurred.

[Figure: timeline from "Breach occurred" (-146 days) to "Today" / "Breach detected"; average business packet capture reaches back only 4 days (-4 days), whereas full network visibility covers the whole period]
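The phishing preparation and network access control use cases above both rest on the same mechanism: index every packet by its 5-Tuple, fold both directions of a connection into one session, and run detections over the index so an alert can be traced straight back to the sessionized packets. The following script is an added illustration of that mechanism and is not code from the brochure or its vendor. It builds a tiny in-memory packet store from constructed records, then runs two detections: internal hosts requesting a URI on a constructed watchlist, and internal-to-internal connections that are not on a constructed allow-list of permitted services. The `Packet` record, the 10.0.0.0/8 "internal" convention, the watchlist and the allow-list are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Minimal packet record (constructed). In a real capture store these fields
# come from the IP/TCP/UDP headers and, for HTTP, the parsed request line.
@dataclass(frozen=True)
class Packet:
    ts: float          # capture timestamp, seconds
    src: str
    dst: str
    sport: int
    dport: int
    proto: str         # "tcp" or "udp"
    uri: str = ""      # HTTP request URI if the packet carries one

FiveTuple = Tuple[str, int, str, int, str]

def session_key(pkt: Packet) -> FiveTuple:
    """Normalize the 5-Tuple so both directions of a connection share one key:
    the lexically smaller (ip, port) endpoint is placed first."""
    a, b = (pkt.src, pkt.sport), (pkt.dst, pkt.dport)
    lo, hi = (a, b) if a <= b else (b, a)
    return (lo[0], lo[1], hi[0], hi[1], pkt.proto)

class PacketStore:
    """In-memory stand-in for a 5-Tuple indexed packet store."""
    def __init__(self) -> None:
        self.index: Dict[FiveTuple, List[Packet]] = defaultdict(list)

    def ingest(self, pkt: Packet) -> None:
        self.index[session_key(pkt)].append(pkt)

    def session(self, key: FiveTuple) -> List[Packet]:
        """Sessionized retrieval: every packet of one conversation in time order."""
        return sorted(self.index.get(key, []), key=lambda p: p.ts)

def is_internal(ip: str) -> bool:
    # Assumption for the example: the enterprise address space is 10.0.0.0/8
    return ip.startswith("10.")

def watchlist_hits(store: PacketStore, watchlist: set) -> Dict[FiveTuple, List[str]]:
    """Phishing preparation detection: sessions in which an internal host
    requested a watchlisted URI. Returns {session_key: [matching URIs]}."""
    hits: Dict[FiveTuple, List[str]] = {}
    for key, pkts in store.index.items():
        uris = [p.uri for p in pkts if p.uri in watchlist and is_internal(p.src)]
        if uris:
            hits[key] = uris
    return hits

def policy_violations(store: PacketStore, allowed: set) -> List[FiveTuple]:
    """Network access control analysis: internal-to-internal sessions whose
    server side (dst, dport, proto), taken from the first packet, is not allowed."""
    violations = []
    for key, pkts in store.index.items():
        first = min(pkts, key=lambda p: p.ts)   # initiator -> responder
        if is_internal(first.src) and is_internal(first.dst):
            if (first.dst, first.dport, first.proto) not in allowed:
                violations.append(key)
    return sorted(violations)

# Constructed sample data: a URI watchlist, an allow-list of internal services
# and seven packets spanning three kinds of traffic.
WATCHLIST = {"/login-verify/acct", "/invoice-2018.pdf"}
ALLOWED = {("10.0.0.5", 443, "tcp"), ("10.0.0.53", 53, "udp")}
SAMPLE = [
    Packet(1.0, "10.0.1.20", "203.0.113.8", 51000, 80, "tcp", "/login-verify/acct"),
    Packet(1.1, "203.0.113.8", "10.0.1.20", 80, 51000, "tcp"),      # reply, same session
    Packet(2.0, "10.0.1.21", "10.0.0.5", 51001, 443, "tcp"),        # approved HTTPS service
    Packet(2.1, "10.0.0.5", "10.0.1.21", 443, 51001, "tcp"),
    Packet(3.0, "10.0.1.22", "10.0.0.9", 51002, 445, "tcp"),        # SMB to an unapproved host
    Packet(4.0, "10.0.1.20", "10.0.0.53", 51003, 53, "udp"),        # approved DNS
    Packet(5.0, "198.51.100.7", "10.0.1.30", 40000, 80, "tcp", "/invoice-2018.pdf"),  # external requester
]

def build_store(packets: List[Packet] = SAMPLE) -> PacketStore:
    store = PacketStore()
    for p in packets:
        store.ingest(p)
    return store

def run_detections(packets: List[Packet] = SAMPLE):
    """Return (watchlist hits, policy violations, store) for the given packets."""
    store = build_store(packets)
    return watchlist_hits(store, WATCHLIST), policy_violations(store, ALLOWED), store

if __name__ == "__main__":
    hits, violations, store = run_detections()
    for key, uris in hits.items():
        print("watchlist hit", uris, "-> session has", len(store.session(key)), "packets")
    for key in violations:
        print("unauthorized internal connection", key)
```

The external request for `/invoice-2018.pdf` is deliberately not reported: the use case is internal traffic reaching a watchlisted URI, so the check is on the source address, and the reply packet of the first session lands under the same normalized key, which is what lets an alert be answered with the complete conversation rather than a single packet.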
The product range

The platform is a complete range of systems with everything you need. It scales from the very small to the very large and is easy to expand: there are no forklift upgrades or re-buys. Adding throughput and capacity is easy with the plug and play storage and capacity nodes. And the platform's connectivity makes it easy to federate to hundreds of clusters. There is almost limitless configuration and integration flexibility. You can even sort the systems by lossless capture rates.

Capture / storage node | Chassis | Capture rate | Additional specifications | Network connection | Days of traffic
10 | One (1) 4.4 x 4.56 x 2.04 small form factor | Losslessly from 1 to 100Mbps | Built-in storage capacity, 3.9TBs | One RJ45 copper network connection | 10
50 | One (1) 1U | Losslessly at up to 100Mbps | 54TBs | | 10
100 | One (1) 2U | Losslessly at up to 250Mbps | 216TBs | | 10
130 | One (1) 2U | Losslessly at up to 500Mbps | 552TBs | | 10
150 | One (1) 2U | Losslessly at up to 1Gbps | | |
150ES | One (1) 4U | Losslessly at up to 1Gbps | | |
180 | One (1) 4U | Losslessly at up to 2Gbps | 665TBs | | 10
200 Quad-Lite | One (1) 2U | Losslessly at up to 4Gbps | | |
200 Quad | One (1) 4U | Losslessly at up to 4Gbps | | |
200 | One (1) 4U | Losslessly at up to 5Gbps | | |
215 | One (1) 4U | Losslessly at up to 10Gbps | 665TBs | 4 network connections | 10
230 | One (1) 4U | Losslessly at up to 10Gbps | 1.7PBs | | 10
250 | One (1) 4U | Losslessly at up to 10Gbps | 3.7PBs | 4 network connections | 10

Partner technologies

The platform partners with the leading security solution providers to extend the power of our packet capture platform. This ecosystem of partner technologies includes governance, risk and compliance management platforms, intrusion detection systems, behavior based solutions, hardware and OS providers, and other security and industry solutions.

Discover SentryCloud

Capture 100% of your internal cloud traffic. Capture 100% of the traffic to and from the public cloud. Seamlessly extend network and security policies into the public cloud.

The benefits
1. Extra visibility: see your cloud traffic without the cloud provider policies that limit access and restrict visibility of your assets.
2. Network control: seamlessly extend network and security policies into the public cloud.
3. Record 100% of traffic: monitor and record all cloud traffic for review, investigation and regulatory compliance requirements.

Take back control: understand exactly what is happening to your assets in the cloud at all times.
Find out more

Learn more about the product range and how it is helping many organizations, from government departments and agencies and national laboratories to Fortune 50 and Fortune 500 companies. Contact Rick Jones at rickj@aximglobal.com or visit aximglobal.com

Axim helps organizations turn customer experience into better business through strong CX governance. We focus on risk, efficiency, accountability and the sheer untapped possibility of CX technologies, data and analytics, people and digital marketing. It means operationalized CX, streamlined CX ecosystems and mobilized customers. To learn more visit www.aximglobal.com

Axim Global and 2018. All rights reserved.