Innovative, High-Density, Massively Scalable Packet Capture and Cyber Analytics Cluster for Enterprise Customers




The Enterprise Packet Capture Cluster Platform is a complete solution built on a capture-and-storage architecture of its own. The system is managed by a Dell-based 2U rackmount master node that performs high-speed packet recording with real-time analytics and visualization. Captured data is then distributed to a cluster of rackmount nodes with massive high-speed storage. The system is designed for applications that demand high-speed recording and extensive storage, such as cyber forensics, cyber security, and big data analytics.

The 2U Enterprise Packet Capture Cluster Platform offers the following features:

Lossless Packet Capture
- Forensic, retrospective functionality from lossless packet capture at 1 Gbps to 10 Gbps
- Time stamping at 150 nanosecond resolution

Metadata Indexing and Logging System
- 5-tuple indexing: source/destination IP address, source/destination port, and IP protocol (UDP, ICMP, and so on)
- Indexing of source/destination MAC address
- IPFIX record generation
- NetFlow recording
- RFC anomaly logging (traffic that deviates from the protocol RFCs)
- File exfiltration and infiltration hash logging
- Session and connection logging
- HTTP, FTP and GridFTP logging
- UID event correlation
- RESTful search query access using BPF filters plus metadata descriptors

At a glance: lossless packet capture to 10 Gb/s; 5-tuple indexing; simultaneous search; IPFIX record generation; RFC anomaly logging; file download hash logging; session logging; HTTP, FTP and GridFTP logging.

Lightweight MapReduce Architecture
- Scalable to 16 nodes, including storage nodes
- Packet processing is distributed to the cluster nodes
- Dynamic node management

Data Storage and Forensic Timeline
- From a minimum of 80 TB of storage per cluster node, in-line compression (storage amplification) can extend the effective capacity to 1.6 PB
- Overall storage amplification up to 16x. The achievable ratio depends on the fraction of traffic whose payloads are SSL/TLS-encrypted or already compressed: such payloads do not compress further, so the larger that fraction, the lower the effective amplification. Note also that 80 TB x 16 is 1.28 PB; the 1.6 PB figure corresponds to roughly 20x, so size a deployment on the raw 80 TB per node rather than on the amplified figure.
- Forensic timeline that is scalable, distributed, and searchable over days, weeks, months, even years
- Queries respond with stream-based extracted packets, so analysis can proceed in parallel with data retrieval
- Large queries over long timelines respond quickly, even as the timeline grows
- Federated search both within a cluster and across multiple clusters

Web GUI and RESTful Interface
- Log and metadata visualization, search, and packet viewing
- MapReduce support across multiple clusters
- Node management
- Remote access, automation, and control from your own analytics application and framework

To learn more about the Enterprise Packet Capture Cluster Platform and other packet capture solutions, visit alliance-it.com. To discuss solutions for your specific needs, call (410) 712-0270.

At a glance: 2U master node and packet-processing cluster node(s); scalable to 16 nodes; scalable to petabytes of packet store; lightweight MapReduce architecture; real-time analytics at any volume; fast, scalable, distributed search and extract, even as timelines grow; federation of multiple clusters.
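The indexing and search features above (5-tuple and MAC indexing, IPFIX-style flow records, time-windowed search with BPF-like "host"/"port" semantics, and packets located by offset in a store) are what a forensic packet cluster does under the hood. The following is an added example written for this page, not code from the datasheet or from the vendor: a Python model of a capture index over constructed Ethernet/IPv4 frames. The frame contents, timestamps, class and function names are all assumptions; the vendor's actual REST API and index format are not documented on this page.

```python
import ipaddress
import struct
from collections import defaultdict
from dataclasses import dataclass

ETH_P_IP = 0x0800
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, sport=0, dport=0, payload=b""):
    """Build a minimal Ethernet/IPv4 frame as constructed test input (checksums left zero).
    For ICMP the sport/dport arguments carry the ICMP type and code."""
    if proto == PROTO_UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    elif proto == PROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:  # ICMP
        l4 = struct.pack("!BBHI", sport, dport, 0, 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return _mac(dst_mac) + _mac(src_mac) + struct.pack("!H", ETH_P_IP) + ip + l4


@dataclass(frozen=True)
class PacketRecord:
    """Metadata kept per packet; offset/length locate the raw bytes in the packet store."""
    ts_ns: int
    offset: int
    length: int
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    proto: int
    sport: int
    dport: int


def parse_frame(ts_ns, offset, frame):
    """Extract MAC pair and 5-tuple from an Ethernet/IPv4 frame; None for non-IPv4 or truncated frames."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETH_P_IP:
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    l4 = 14 + ihl
    sport = dport = 0
    if proto in (PROTO_TCP, PROTO_UDP) and len(frame) >= l4 + 4:
        sport, dport = struct.unpack_from("!HH", frame, l4)
    elif proto == PROTO_ICMP and len(frame) >= l4 + 2:
        sport, dport = frame[l4], frame[l4 + 1]  # ICMP type/code stand in for ports
    fmt = lambda b: ":".join(f"{x:02x}" for x in b)
    return PacketRecord(ts_ns, offset, len(frame), fmt(frame[6:12]), fmt(frame[0:6]),
                        str(ipaddress.IPv4Address(frame[26:30])),
                        str(ipaddress.IPv4Address(frame[30:34])), proto, sport, dport)


class CaptureIndex:
    """Per-field posting lists over the packet store plus IPFIX-style flow records keyed by 5-tuple."""
    FIELDS = ("src_mac", "dst_mac", "src_ip", "dst_ip", "proto", "sport", "dport")

    def __init__(self):
        self.records = []
        self.postings = {f: defaultdict(list) for f in self.FIELDS}
        self.flows = {}  # 5-tuple -> packet/octet counts and first/last seen (IPFIX-style)

    def add(self, ts_ns, offset, frame):
        rec = parse_frame(ts_ns, offset, frame)
        if rec is None:
            return None
        rid = len(self.records)
        self.records.append(rec)
        for f in self.FIELDS:
            self.postings[f][getattr(rec, f)].append(rid)
        key = (rec.src_ip, rec.dst_ip, rec.proto, rec.sport, rec.dport)
        flow = self.flows.setdefault(key, {"packets": 0, "octets": 0, "first_ns": ts_ns, "last_ns": ts_ns})
        flow["packets"] += 1
        flow["octets"] += rec.length
        flow["last_ns"] = max(flow["last_ns"], ts_ns)
        return rid

    def _ids(self, field, value):
        # BPF-style "host" and "port" match either direction
        if field == "host":
            return set(self.postings["src_ip"].get(value, ())) | set(self.postings["dst_ip"].get(value, ()))
        if field == "port":
            return set(self.postings["sport"].get(value, ())) | set(self.postings["dport"].get(value, ()))
        return set(self.postings[field].get(value, ()))

    def search(self, start_ns=0, end_ns=None, **terms):
        """AND the field=value terms by intersecting posting lists, then apply the time window."""
        ids = None
        for f, v in terms.items():
            ids = self._ids(f, v) if ids is None else ids & self._ids(f, v)
        if ids is None:
            ids = range(len(self.records))
        hits = [self.records[i] for i in ids
                if self.records[i].ts_ns >= start_ns and (end_ns is None or self.records[i].ts_ns <= end_ns)]
        return sorted(hits, key=lambda r: r.ts_ns)


SAMPLE_TRAFFIC = [  # constructed sample traffic: (timestamp in ns, frame); 150 ns apart like the sheet's timestamps
    (1_000_000_000, build_frame("00:11:22:33:44:01", "00:11:22:33:44:02", "10.0.0.5", "8.8.8.8", PROTO_UDP, 53123, 53, b"\x12\x34\x01\x00")),
    (1_000_000_150, build_frame("00:11:22:33:44:02", "00:11:22:33:44:01", "8.8.8.8", "10.0.0.5", PROTO_UDP, 53, 53123, b"\x12\x34\x81\x80")),
    (1_000_000_300, build_frame("00:11:22:33:44:01", "00:11:22:33:44:02", "10.0.0.5", "203.0.113.7", PROTO_TCP, 40001, 443, b"\x16\x03\x01")),
    (1_000_000_450, build_frame("00:11:22:33:44:01", "00:11:22:33:44:02", "10.0.0.5", "203.0.113.7", PROTO_TCP, 40001, 443, b"GET / HTTP/1.1\r\n")),
    (2_000_000_000, build_frame("00:11:22:33:44:03", "00:11:22:33:44:02", "10.0.0.9", "203.0.113.7", PROTO_ICMP, 8, 0, b"ping")),
]


def build_index(traffic=SAMPLE_TRAFFIC):
    """Index a stream of timestamped frames as a capture node would while appending to the packet store."""
    idx, offset = CaptureIndex(), 0
    for ts_ns, frame in traffic:
        idx.add(ts_ns, offset, frame)
        offset += len(frame)
    return idx


if __name__ == "__main__":
    idx = build_index()
    for rec in idx.search(host="203.0.113.7", proto=PROTO_TCP):  # like BPF "host 203.0.113.7 and tcp"
        print(rec)
    print(idx.flows[("10.0.0.5", "203.0.113.7", PROTO_TCP, 40001, 443)])
```

Each search returns records carrying the store offset and length, which is what lets a query stream back extracted packets while the caller is still analysing earlier results; the flow table is the per-5-tuple summary an IPFIX exporter would emit.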

SYSTEM SPECS

Packet capture interfaces and capture rate (with simultaneous search/extract):
  4 x 1G ports: up to 4 Gbps line-rate lossless capture with no cluster nodes
  2 x 10G ports: up to 5 Gbps aggregate lossless capture with no cluster nodes
  With 2 or more cluster nodes: 10 Gbps aggregate rate; additional cluster nodes extend the forensics timeline
Timestamping: 150 nanoseconds
Total timeline capture: up to 80 TB (RAID 5) before in-line compression; amplification up to 1.6 PB
Total indexing and metadata: up to 5.7 TB (RAID 1) or 3.4 TB (RAID 5)
Total extraction data: up to 5.7 TB (RAID 1)
API/REST and Web GUI control: RJ-45 1G LAN port
Node physical dimensions: H 8.73 cm (3.44 in.) x W 44.40 cm (17.49 in.) x D 68.40 cm (26.92 in.)

7010 Hi Tech Drive, Hanover, MD 21076. Phone: 1 (410) 712-0270. www.alliance-it.com
This document is for informational purposes only. Updates and changes can occur without notice. All logos, trademarks, and service marks are the property of their respective owners.
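Two numbers on this sheet deserve a back-of-the-envelope check before sizing a deployment: how much of the "up to 16x" amplification survives when part of the traffic is TLS-encrypted, and how many hours of timeline 80 TB actually buys at 10 Gbps. The following is an added example written for this page, not code from the datasheet or the vendor. It compresses two constructed payloads (repetitive cleartext HTTP versus uniformly random bytes standing in for ciphertext) with deflate, blends the resulting ratios by the encrypted fraction, and converts the sheet's own 80 TB / 10 Gbps figures into seconds of retention. The "16x" value is taken from the sheet; the payloads and the blending model (encrypted bytes stored 1:1) are assumptions.

```python
import random
import zlib

# Constructed sample payloads: cleartext web traffic vs. bytes that look like TLS ciphertext.
CLEARTEXT = "".join(
    f"GET /index.html?id={i} HTTP/1.1\r\nHost: example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n"
    for i in range(200)
).encode()
_rng = random.Random(1)  # seeded so the "ciphertext" is reproducible
CIPHERTEXT = bytes(_rng.getrandbits(8) for _ in range(len(CLEARTEXT)))


def compression_ratio(payload, level=6):
    """Raw bytes per stored byte after deflate; about 1.0 means no gain (encrypted/compressed data)."""
    return len(payload) / len(zlib.compress(payload, level))


def blended_amplification(clear_ratio, incompressible_fraction):
    """Effective amplification when a fraction f of captured bytes is encrypted or already
    compressed (stored 1:1) and the remaining 1-f compresses at clear_ratio.
    Stored bytes per raw byte = f + (1-f)/clear_ratio; amplification is the reciprocal."""
    return 1.0 / (incompressible_fraction + (1.0 - incompressible_fraction) / clear_ratio)


def timeline_seconds(store_bytes, rate_bps, amplification=1.0):
    """Seconds of sustained traffic at rate_bps that store_bytes of raw storage can hold."""
    return store_bytes * amplification / (rate_bps / 8.0)


if __name__ == "__main__":
    print(f"cleartext ratio  {compression_ratio(CLEARTEXT):.1f}x")
    print(f"ciphertext ratio {compression_ratio(CIPHERTEXT):.2f}x")
    for f in (0.0, 0.25, 0.5, 0.75, 1.0):
        print(f"{int(f * 100):3d}% encrypted -> {blended_amplification(16, f):.2f}x effective")
    for amp in (1.0, 16.0):
        hours = timeline_seconds(80e12, 10e9, amp) / 3600
        print(f"80 TB at 10 Gbps, {amp:.0f}x amplification -> {hours:.1f} h of timeline")
```

The blend is a weighted harmonic mean, which is why it collapses so fast: with half the bytes encrypted, a 16x ratio on the other half yields under 2x overall. Raw 80 TB holds under 18 hours of a saturated 10 Gbps link; the 16x figure stretches that to about 12 days only for traffic that actually compresses.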

[Figure: Capture, indexing, and search extraction]

[Figure: Capture, indexing, and distributed search extraction]