Meaningful Lawful Intercept (LI) demands the capture and analysis of 100 percent of the traffic crossing a network—whether in 10G or 1G interfaces, or a combination. Sharon likens the challenge to “finding the needle in the haystack,”

1. Identifying the needle in the 10/40/100G haystackSharon Besser, VP Technologies Net Optics Intelligent Access and Monitoring Architecture

2. Goal Present a methodology and solution of leveraging access switching to overcome current and future Lawful Interception challenges

3. Net Optics In a Nutshell Customers Financial, Telco, Healthcare & Government 85% of the Fortune 100 50% of the Fortune 500 7000 Global Deployments Highlights Founded in 1996, Private, Self-Funded 55 Quarters of Growth & Profitability Strong Management Team Sales Offices in New York, Atlanta, Germany 300 plus new direct customers annually Go to Market Strategy 30% Direct Sales 25% OEM/Partner Relationship 45% Global Channel Technology 20+ Patents and Patent Pending Requests

4. Cause and Effect Industry / Networking Data Center Lawful Interception

10. Leveraging existing investments of 1G tools

11. Cost of knowledge, migration, operations  TCOSource: Net Optics Customer Advisory Board 7/2010

14. Oversubscription Source: Cisco

15. What Customers Want Meet Lawful interception challenges in high capacity networks But how?

16. The LI Foundation: Reliable Copy End user 1 End user 2 Application Application Interception Node Transport Transport Network Network Network Link + Physical Link + Physical Link + Physical Copy LEA Site LEMF Application Application Transport Transport Network Network Link + Physical Link + Physical Source: ETSI TR 101 943 Concepts of Interception in a Generic Network Architecture

17. Current Approach Is Not Scalable Invest in new systems capable to handle 10G/40G/100G Packet duplication add burden on the network Source: Cisco systems 2010: Lawful Interception for 3GPP: Cisco Service Independent Intercept in the GGSN

19. Access Switching: Do More With Less 10/40/100Load Balancing Share the load between multiple tools Centralized intelligence for more endpoint Leverage existing / cheap / 1G tools Plan for growth Pre-filter w/ DPI to detect desired traffic on any port Pre-filtering is a mature technology DPI allows to identify data of interest and forward to the monitoring/recording tool GRE tunneling Distribute the collection infrastructure Cloud Monitoring Inter-VM and cloud based monitoring Any type of media Fiber, copper or both

20. Summary Modern and advanced Access switching technology provides the scalable solution to meet Lawful Interception challenges in high capacity networks by focusing on improving collection infrastructure

21. Thank You!