Network forensics platform for the 10 Gig world
nPulse Technologies announced the launch of its Cyclone Network Forensics Platform, which builds on full packet capture by adding advanced, line-rate extraction of crucial application layer security metadata and a flexible big data security analytics framework to index, search, analyze, and visualize network traffic and expeditiously reconstruct cyber attack kill chains.
By automating a comprehensive cycle of steps ensuring that all network traffic is captured and inspected for forensics and incident response activities, Cyclone provides the traffic visibility necessary to defeat attacks and reduce mean time to resolution for advanced network threats.
The core components of nPulse’s Cyclone Network Forensics Platform include:
- Capture: Cyclone leverages nPulse’s Capture Probe eXtreme (CPX) appliance to perform sustained, lossless full packet capture at core network speeds up to 20 Gbps. Through its multi-level index, CPX can search recorded traffic at 160 times its rate of capture – meaning that in less than one minute CPX can search and display traffic data that competing products can take up to a day to retrieve. CPX concurrently exports standard flow records in IPFIX format to nSpector, nPulse’s management console.
- Metadata Extraction: nPulse’s new Security Probe eXtreme (SPX) appliance inspects network traffic at line rate and extracts OSI Layer 7 metadata about the traffic, such as application used, e-mail addresses, file types and DNS records. SPX seamlessly exports this data in standard IPFIX format to nSpector.
- Big Data Security Analytics: The nSpector management console indexes the metadata from SPX and CPX, enabling centralized search across the enterprise for traffic of interest, analysis of the traffic, and custom dashboards. Built to leverage the Open Stack private cloud platform, it also supports third-party threat intelligence feeds, giving administrators the ability to analyze historical traffic using particular indicators of compromise that can help expose a cyber attack in progress and avert future attacks.
“Combating advanced cyber threats hidden in faster, more diverse network traffic demands near real-time forensic visibility and analysis at core network speeds – capabilities that incumbent technologies dating from the “1 gig world’ simply do not offer,” said nPulse CEO Tim Sullivan. “With the launch of nPulse’s Cyclone Network Forensics Platform, customers defending today’s fastest networks can gain near real-time insight into areas where seconds count – including which attack vectors are most often exploited against their organization or which of their network defenses are being bypassed by malware navigating the “kill chain’ between an attack’s launch and a successful compromise.”
“Over the past decade, attackers have moved deeper into the packet,” Sullivan added. “As network defenses, controls, and detection techniques have improved, attackers have had to “move up the OSI stack’ to avoid detection and maintain persistence. Moving up the stack allows attackers to change where their malicious code communicates easily and at a moment’s notice. This new paradigm requires Layer 7 data to detect intrusions and expeditiously reconstruct kill chains. As attackers move up the stack, we are moving with them. Layer 7-enriched meta-data coupled with our ability to provide full packet capture gives Cyclone users a solid foundation upon which to perform the network forensics necessary for detecting and responding to intrusions in a timely manner, while managing overall risk and averting future incidents.”