Page 1 of 7 Rev 1.0b—10/15
INNOVATIVE, OPEN, MASSIVELY SCALABLE
PACKET CAPTURE SOFTWARE
Packet Continuum is a powerful, massively-scalable software
architecture that offers lossless packet capture, fast query retrieval,
and real-time event alerting.
With unique special features like in-line data compression and an open
architecture, Packet Continuum makes the most of your resources,
dramatically lowering the cost of creating long, rapidly-searchable
forensic capture timelines. Its ability to process, store, and search
across a cluster of systems lets you build the right solution for any size
network application for cyber security or performance.
NextComputing offers complete packet capture solutions by combining
the Packet Continuum software with high-performance platforms in
a variety of form factors (see last page for details). Whether you need
maximum density, space-saving compact systems, a unique portable
solution, or you want to utilize your existing infrastructure of commodity
servers, NextComputing has the perfect solution for you.
Federate multiple capture sites, anywhere!
Lossless Packet Capture, with
Deterministic Performance
Scalable, Lightweight, MapReduce
Cluster Architecture
Extended Forensic Timeline and Storage Features
Intuitive Web GUI and RESTful Interface
Real-Time Packet Analytics
User-Defined & Dynamic Critical IOC Alerts
Lossless Packet Capture, With Deterministic Performance
Packet Continuum provides a performance guarantee for a set of
real-time packet analytics functions, at a sustained lossless capture
rate, and a specified number of Packet Continuum cluster nodes.
This means a deterministic guarantee to capture every packet under
real-world conditions, not just a “best effort” attempt. Conditions
of maximum network stress are key to discovering hidden
performance problems or cyber security threats.
•	Lossless packet capture from 1Gbps to 40Gbps
•	Time stamping of 150 nanoseconds, using generic network
interfaces instead of expensive specialized capture cards
•	Real time indexing, for efficient query and retrieval of retrospective
PCAP data
•	Real time packet analytics, to generate Indicators of Compromise
(IOC) alerts
•	Scalable architecture to meet your speed and/or analytics
requirements
•	The ability to “federate” multiple cluster-based capture systems,
for global visibility and PCAP retrieval
Scalable, Lightweight, MapReduce Cluster Architecture
The Packet Continuum cluster-based architecture can scale up
smoothly to accommodate any combination of desired goals for
capture speed, custom alerting, and extended forensic timeline
creation.
•	Scalable to multiple nodes; simply adding cluster nodes will
increase packet analytics capacity, sustained capture rates, and
(of course) storage capacity
•	Packet processing is distributed to cluster nodes
•	PCAP storage and index tables are distributed to cluster nodes
•	Dynamic node management, including redundancy and hot-swap / expand
Extended Forensic Timeline and Storage Features
Packet Continuum offers many features to lower the cost of maintaining very long timelines, on a massive scale.
•	Overall storage amplification up to 20x (depending on percentage of traffic with SSL encrypted or compressed packet payloads)
•	Forensic timeline that
is scalable, distributed and searchable over days, and weeks,
depending on average capture rate
•	Even for very long timelines, queries respond with stream-based
extracted packets, so analysis can occur in parallel with data
retrieval
•	Massive queries over large timelines respond quickly, even as the
timeline increases
•	Federated search across multiple Packet Continuum appliances at
diverse geographic locations, without any “concentrator” servers
as intermediaries
•	Policy-driven packet capture in coordination with 3rd party
analytics solutions
Intuitive Web GUI and RESTful Interface
Manage and control multiple devices and review a continuous log of
alerts, which auto-populate query requests, to drill down to find and
extract the PCAP files you need.
•	A common interface across all platforms
•	Log and metadata information visualization, search, and packet
viewing
•	Manage multiple clusters and nodes as a federated system
•	Remote access, automation, and control through your own choice
of analytics application and framework
Real-Time Packet Analytics
These packet analytics features are standard on all platform
configurations for Packet Continuum:
•	Real-Time Indexing: Every packet gets a timestamp and 5-tuple index, which includes source/destination IP address, source/destination port, and protocol (IP, UDP, ICMP).
•	Real-time Data Compression: In-line packet compression is
transparent to the user. All packets are compressed as they are
captured, and all extracted PCAP files are decompressed.
•	Real-Time Indicator of Compromise (IOC) Events: Active Trigger
and Packet Analytics alerts generate event logs (or IPFIX records),
which appear within the web GUI as a scrolling window. Any alert
can be used to populate a BPF query to retrieve the associated
PCAP data.
•	Open BPF Search: Run one or more simultaneous PCAP search
queries, based on a user-defined BPF descriptor (e.g. 5-tuples
within a time period). There is an active queue of waiting queries,
and all PCAP query results are streamed in “chunks”, the first of
which appear almost immediately after the query initiates.
•	Streamed PCAP Results: All PCAP query results are streamed in “chunks”, the first of which appear almost immediately after the query initiates, so partial results can be analyzed while the remainder of the query completes.
User-Defined & Dynamic Critical IOC Alerts
Whatever Indicators of Compromise (IOC) are most critical for your application, you may choose what you need, and change them dynamically. These packet analytics features are options which a user may turn on and off as needed for optimal performance:
•	Active Trigger Alerts:
Multiple BPF-based event logging alerts can be established for a
“look forward” capability.
•	Full Session IDs: Each complete session or connection can be
logged with a unique session ID, so that the requesting application
can collect data about network activity, and request a PCAP file for
any complete TCP session.
•	RFC Anomaly Detection: Detect and log hundreds of “unusual
behavior” events which closely correlate to non-compliance with
IETF RFCs.
•	File Logging for In/Exfiltration: When Packet Continuum detects a
file attachment or transfer, it logs the event along with a standard
file hash identifier.
•	HTTP Event Logging: Log HTTP sessions along with key metadata
like first URL.
•	FTP/GridFTP: Log FTP sessions, along with key metadata such as
file hash.
•	IPFIX Record Output: As an alternative to high-speed logs, IPFIX
standard data export is possible, allowing third party IPFIX data
collection devices to receive event data from Packet Continuum.
•	Multiple Open BPF Searches: A specified number (more than one)
of open BPF searches can be run for simultaneous “look back”
searches of the historical PCAP repository.
•	Custom Packet Analytics: NextComputing works closely with
OEMs and end users to implement specialized event detection,
metadata extraction, and session post-processing applications.
Packet Continuum Capture Workflow
Incident Response Workflow: Human cyber investigation team at an end-user enterprise / agency
Incident Response Workflow: Automated and driven by OEM solutions and 3rd party tools
Use Cases
•	Incident Response Workflow
•	Event-to-PCAP Correlation
•	Policy-Driven Packet Capture
•	Automated File Detection
•	Selective DPI Analytics
•	Fast DPI Analytics
•	Look-Back + Look-Forward Actions
•	Full Context PCAP Extraction
•	Offload Resource-Intensive Operations
•	Entry-Level Platforms
•	Adaptive PCAP Algorithms
Use Cases
•	Incident Response Workflow
•	Importing IoC alerts
•	User-Created Scripts
•	Data exfiltration
•	Bring PCAP evidence to court
•	Botnet Command-and-Control activity
•	Search for User anomalous behavior
•	Forensic traffic analysis
•	Network Behavior Anomaly Detection (NBAD)
•	Integration of real-time threat intelligence
•	Encrypted Traffic analysis
All Packet Continuum platforms are cluster-ready, have a common REST/API and Web GUI, and federate together as a global system.

Platform Type
•	Enterprise-Grade: Enterprise Extreme, Enterprise, Enterprise Lite
•	Deployable: Deployable Extreme, Deployable
•	Portable: Enterprise Portable, Portable Rugged

Purchase Options
•	Enterprise-Grade: Integrated capture appliance, or option to purchase software license for deployment on customer-purchased enterprise-grade servers, with license terms for platform specs, integration, support, etc.
•	Deployable: Integrated capture appliance
•	Portable: Integrated capture appliance

Support
•	Enterprise-Grade: Global hardware support direct from the enterprise-grade computer vendor, software support from NextComputing
•	Deployable: Full appliance support from NextComputing
•	Portable: Full appliance support from NextComputing

Capture Interface Options
•	2 x 10G ports
•	4 x 10G ports
•	4 x 1G ports
•	2 x 10G ports
•	1 x 1G ports
•	2 x 10G ports
•	4 x 10G ports
•	4 x 1G ports
•	2 x 10G ports
•	1 x or 2 x 10G
•	4 x 1G fiber SFP+
•	1 x or 2 x 10G
•	4 x 1G fiber SFP+

Capture Rate Options
•	Up to 15Gbps aggregate lossless capture rate, with no cluster nodes and basic packet analytics; up to 20Gbps with 2+ nodes; up to 40Gbps with 6+ nodes
•	Up to 5Gbps aggregate lossless capture rate, with no cluster nodes and basic packet analytics; up to 10Gbps with 2+ nodes; up to 20Gbps with 6+ nodes
•	Up to 500Mbps aggregate lossless capture rate, with no cluster nodes and basic packet analytics; up to 1Gbps with 2+ nodes
•	Up to 40Gbps aggregate lossless capture rate, with no cluster nodes and basic packet analytics
•	Up to 20Gbps aggregate lossless capture rate, with no cluster nodes and basic packet analytics
•	Up to 20Gbps aggregate lossless capture rate, with no cluster nodes and basic packet analytics
•	Up to 20Gbps aggregate lossless capture rate, with no cluster nodes and basic packet analytics
For every platform group, additional cluster nodes increase: capture rate, forensics timeline, and/or advanced packet analytics

Forensic Timeline: Master Node
•	PCAP storage of 20TB physical, up to 400TB with amplification
•	PCAP storage of 20TB physical, up to 400TB with amplification
•	PCAP storage of 40TB physical, up to 800TB with amplification
•	PCAP storage of 20TB physical, up to 400TB with amplification
•	PCAP storage of 10TB physical, up to 200TB with amplification
•	PCAP storage of 20TB physical, up to 400TB with amplification
•	PCAP storage of 20TB physical, up to 400TB with amplification

Forensic Timeline: Cluster Node
•	PCAP storage of 100TB physical, up to 2PB with amplification
•	PCAP storage of 100TB physical, up to 2PB with amplification
•	PCAP storage of 100TB physical, up to 2PB with amplification
•	PCAP storage of 20TB physical, up to 400TB with amplification
•	PCAP storage of 10TB physical, up to 200TB with amplification
•	PCAP storage of 20TB physical, up to 400TB with amplification
•	PCAP storage of 20TB physical, up to 400TB with amplification

Forensic Timeline: Max System Capacity
•	28 nodes max, for total PCAP storage of 2.8PB physical, up to 56PB with amplification
•	8 nodes max, for total PCAP storage of 820TB physical, up to 16PB with amplification
•	8 nodes max, for total PCAP storage of 820TB physical, up to 16PB with amplification
•	8 nodes max, for total PCAP storage of 180TB physical, up to 3.6PB with amplification
•	8 nodes max, for total PCAP storage of 90TB physical, up to 1.8PB with amplification
•	8 nodes max, for total PCAP storage of 180TB physical, up to 3.6PB with amplification
•	8 nodes max, for total PCAP storage of 180TB physical, up to 3.6PB with amplification

Physical: Master Node
•	4U rackmount, 31.59” (802.39mm) depth
•	2U rackmount, 26.92” (683.77mm) depth
•	2U rackmount, 26.92” (683.77mm) depth
•	3U x 20” (508mm) depth
•	2U x 17” (431.8mm) depth
•	Briefcase-size portable
•	Rugged portable with optional fold-out displays

Physical: Cluster Node
•	2U rackmount, 26.92” (683.77mm) depth
•	3U x 20” (508mm) depth
•	2U x 17” (431.8mm) depth
•	Briefcase-size portable
•	Rugged portable
Forensic timeline length, by average capture rate (rows) and PCAP capture store (columns: either the physical or the amplified storage capacity):

Average capture rate | 20TB      | 100TB      | 400TB      | 800TB    | 2PB       | 16PB      | 56PB
0.5Gbps              | 3.8 days  | 19 days    | 76 days    | 152 days | 1.1 years | 8.5 years | 29.8 years
1.0Gbps              | 1.9 days  | 9.5 days   | 38 days    | 76 days  | 194 days  | 4.3 years | 14.9 years
5Gbps                | 9.1 hours | 1.9 days   | 7.6 days   | 15 days  | 39 days   | 311 days  | 3.0 years
10Gbps               | 4.6 hours | 22.8 hours | 3.8 days   | 7.6 days | 19 days   | 155 days  | 1.5 years
20Gbps               | 2.3 hours | 11.4 hours | 1.9 days   | 3.8 days | 10 days   | 78 days   | 272 days
40Gbps               | 1.1 hours | 5.7 hours  | 22.8 hours | 1.9 days | 5 days    | 39 days   | 136 days

Shading legend in the original chart: up to 24 hours, up to 2 weeks, up to 12 mos, 1+ years
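The timeline chart above can be reproduced, and extended to a realistic traffic mix, with the sizing calculator below. This is an added example, not NextComputing code; it assumes decimal units (1 TB = 1e12 bytes, 1 Gbps = 1e9 bit/s) and a byte-weighted blending model in which encrypted or already-compressed payloads stay at 1x while the rest compresses by the datasheet's 20x, so its figures differ slightly from the chart's rounding.

```python
"""Retention-time calculator for a lossless PCAP store (added example; not NextComputing code)."""
from __future__ import annotations

SECONDS_PER_DAY = 86_400
MAX_AMPLIFICATION = 20.0   # the datasheet's "up to 20x" storage amplification


def effective_amplification(encrypted_fraction: float,
                            max_amp: float = MAX_AMPLIFICATION) -> float:
    """Blend of compressible and incompressible traffic, weighted by captured bytes.

    Assumed model (not from the datasheet): a fraction f of captured bytes is
    TLS/already-compressed and stays at 1x; the remaining (1 - f) shrinks by
    max_amp.  Stored bytes per captured byte are therefore f + (1 - f) / max_amp,
    and the effective amplification is the reciprocal of that.
    """
    if not 0.0 <= encrypted_fraction <= 1.0:
        raise ValueError("encrypted_fraction must lie in [0, 1]")
    if max_amp < 1.0:
        raise ValueError("max_amp must be >= 1")
    stored_per_captured = encrypted_fraction + (1.0 - encrypted_fraction) / max_amp
    return 1.0 / stored_per_captured


def retention_days(storage_tb: float, rate_gbps: float,
                   amplification: float = 1.0) -> float:
    """Days of continuous lossless capture a store holds at a sustained average rate.

    Units are decimal: 1 TB = 1e12 bytes, 1 Gbps = 1e9 bit/s (an assumption; the
    datasheet's own chart rounds its entries slightly differently).
    """
    if storage_tb <= 0 or rate_gbps <= 0:
        raise ValueError("storage and rate must be positive")
    captured_bytes_per_s = rate_gbps * 1e9 / 8.0
    effective_bytes = storage_tb * 1e12 * amplification
    return effective_bytes / captured_bytes_per_s / SECONDS_PER_DAY


def max_rate_for_retention(storage_tb: float, target_days: float,
                           amplification: float = 1.0) -> float:
    """Inverse of retention_days: the highest average rate (Gbps) that still
    keeps target_days of history in the store."""
    if storage_tb <= 0 or target_days <= 0:
        raise ValueError("storage and target must be positive")
    effective_bits = storage_tb * 1e12 * amplification * 8.0
    return effective_bits / (target_days * SECONDS_PER_DAY) / 1e9


def describe(days: float) -> str:
    """Render a duration the way the datasheet chart does: hours, days or years."""
    if days < 1.0:
        return f"{days * 24:.1f} hours"
    if days < 365.0:
        return f"{days:.1f} days"
    return f"{days / 365.0:.1f} years"


def timeline_grid(storage_tb_options, rate_gbps_options, amplification=1.0):
    """Grid of retention (in days), keyed by (storage_tb, rate_gbps), like the chart."""
    return {(s, r): retention_days(s, r, amplification)
            for s in storage_tb_options for r in rate_gbps_options}


if __name__ == "__main__":
    # The "20TB physical, up to 400TB with amplification" master node at a 1 Gbps
    # average, compared across constructed encrypted-traffic fractions.
    for frac in (0.0, 0.5, 0.7, 0.9):
        amp = effective_amplification(frac)
        print(f"{frac:>4.0%} encrypted -> {amp:5.2f}x -> "
              f"{describe(retention_days(20, 1.0, amp))}")
    print("max rate for 30 days on 20TB at full 20x:",
          f"{max_rate_for_retention(20, 30, MAX_AMPLIFICATION):.2f} Gbps")
```

At a 70% TLS share the effective amplification is about 1.4x rather than 20x, so size the physical store against the encrypted fraction the monitored link actually carries.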
This document is for informational purposes only. Updates and changes can
occur without notice. All logos, trademarks, and service marks are the property
of their respective owners. Copyright © NextComputing all rights reserved.
NextComputing
4 Townsend West, Building 17, Nashua, NH 03063
Phone: 1 (603) 886-3874 • Fax: 1 (603) 886-1736
www.NextComputing.com • sales@Nextcomputing.com

Weitere ähnliche Inhalte

Was ist angesagt?

Real time analytics with Netty, Storm, Kafka
Real time analytics with Netty, Storm, KafkaReal time analytics with Netty, Storm, Kafka
Real time analytics with Netty, Storm, Kafka
Trieu Nguyen
 
[March sn meetup] apache pulsar + apache nifi for cloud data lake
[March sn meetup] apache pulsar + apache nifi for cloud data lake[March sn meetup] apache pulsar + apache nifi for cloud data lake
[March sn meetup] apache pulsar + apache nifi for cloud data lake
Timothy Spann
 
nextcomputing-cyberpro
nextcomputing-cyberpronextcomputing-cyberpro
nextcomputing-cyberpro
blabadini
 

Was ist angesagt? (17)

Real time analytics with Netty, Storm, Kafka
Real time analytics with Netty, Storm, KafkaReal time analytics with Netty, Storm, Kafka
Real time analytics with Netty, Storm, Kafka
 
Apache Deep Learning 201 - Philly Open Source
Apache Deep Learning 201 - Philly Open SourceApache Deep Learning 201 - Philly Open Source
Apache Deep Learning 201 - Philly Open Source
 
Delegation-based Authentication and Authorization for the IP-based IoT
Delegation-based Authentication and Authorization for the IP-based IoTDelegation-based Authentication and Authorization for the IP-based IoT
Delegation-based Authentication and Authorization for the IP-based IoT
 
Intro to open source observability with grafana, prometheus, loki, and tempo(...
Intro to open source observability with grafana, prometheus, loki, and tempo(...Intro to open source observability with grafana, prometheus, loki, and tempo(...
Intro to open source observability with grafana, prometheus, loki, and tempo(...
 
Apache Pulsar First Overview
Apache PulsarFirst OverviewApache PulsarFirst Overview
Apache Pulsar First Overview
 
Kathará - NOMS 2018
Kathará - NOMS 2018Kathará - NOMS 2018
Kathará - NOMS 2018
 
Hyperscan - Mohammad Abdul Awal
Hyperscan - Mohammad Abdul AwalHyperscan - Mohammad Abdul Awal
Hyperscan - Mohammad Abdul Awal
 
Pulsar summit asia 2021 apache pulsar with mqtt for edge computing
Pulsar summit asia 2021   apache pulsar with mqtt for edge computingPulsar summit asia 2021   apache pulsar with mqtt for edge computing
Pulsar summit asia 2021 apache pulsar with mqtt for edge computing
 
Telco junho cost-effective approach for telco network analysis in 5_g_final
Telco junho cost-effective approach for telco network analysis in 5_g_finalTelco junho cost-effective approach for telco network analysis in 5_g_final
Telco junho cost-effective approach for telco network analysis in 5_g_final
 
Tungsten Fabric Overview
Tungsten Fabric OverviewTungsten Fabric Overview
Tungsten Fabric Overview
 
Next-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAMNext-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAM
 
HSM migration with EasyHSM and Nirvana
HSM migration with EasyHSM and NirvanaHSM migration with EasyHSM and Nirvana
HSM migration with EasyHSM and Nirvana
 
[March sn meetup] apache pulsar + apache nifi for cloud data lake
[March sn meetup] apache pulsar + apache nifi for cloud data lake[March sn meetup] apache pulsar + apache nifi for cloud data lake
[March sn meetup] apache pulsar + apache nifi for cloud data lake
 
nextcomputing-cyberpro
nextcomputing-cyberpronextcomputing-cyberpro
nextcomputing-cyberpro
 
From Fixed-Function to Programmable Switching Chip for Network Packet Broker ...
From Fixed-Function to Programmable Switching Chip for Network Packet Broker ...From Fixed-Function to Programmable Switching Chip for Network Packet Broker ...
From Fixed-Function to Programmable Switching Chip for Network Packet Broker ...
 
EasyHSM with Nirvana
EasyHSM with NirvanaEasyHSM with Nirvana
EasyHSM with Nirvana
 
German Sviridov - PhD defense
German Sviridov - PhD defense German Sviridov - PhD defense
German Sviridov - PhD defense
 

Andere mochten auch

Hyperthyroidism and the safety of radioiodine in children
Hyperthyroidism and the safety of radioiodine in childrenHyperthyroidism and the safety of radioiodine in children
Hyperthyroidism and the safety of radioiodine in children
meducationdotnet
 
Explanation of autosomal dominant inheritance
Explanation of autosomal dominant inheritanceExplanation of autosomal dominant inheritance
Explanation of autosomal dominant inheritance
meducationdotnet
 
artificial intelligence
artificial intelligenceartificial intelligence
artificial intelligence
vallibhargavi
 

Andere mochten auch (13)

Singing planting wheat, a song recorded in the field in 1964 by Marceau Gast ...
Singing planting wheat, a song recorded in the field in 1964 by Marceau Gast ...Singing planting wheat, a song recorded in the field in 1964 by Marceau Gast ...
Singing planting wheat, a song recorded in the field in 1964 by Marceau Gast ...
 
Hyperthyroidism and the safety of radioiodine in children
Hyperthyroidism and the safety of radioiodine in childrenHyperthyroidism and the safety of radioiodine in children
Hyperthyroidism and the safety of radioiodine in children
 
Η πτώχευση του 1893 και ο ΔΟΕ
Η πτώχευση του 1893 και ο ΔΟΕΗ πτώχευση του 1893 και ο ΔΟΕ
Η πτώχευση του 1893 και ο ΔΟΕ
 
Willem-Jan van Elk: De leermiddelenmarkt beweegt...
Willem-Jan van Elk: De leermiddelenmarkt beweegt...Willem-Jan van Elk: De leermiddelenmarkt beweegt...
Willem-Jan van Elk: De leermiddelenmarkt beweegt...
 
scientific writing 01 - latex
scientific writing   01 - latexscientific writing   01 - latex
scientific writing 01 - latex
 
Premenstrual Syndrome
Premenstrual SyndromePremenstrual Syndrome
Premenstrual Syndrome
 
【第2回】VR道場 Unity × Oculus Touch ~VRで手を動かしてみよう~
【第2回】VR道場 Unity × Oculus Touch ~VRで手を動かしてみよう~【第2回】VR道場 Unity × Oculus Touch ~VRで手を動かしてみよう~
【第2回】VR道場 Unity × Oculus Touch ~VRで手を動かしてみよう~
 
Explanation of autosomal dominant inheritance
Explanation of autosomal dominant inheritanceExplanation of autosomal dominant inheritance
Explanation of autosomal dominant inheritance
 
Ecommerce
EcommerceEcommerce
Ecommerce
 
Why Upgrade to Oracle Database 12c?
Why Upgrade to Oracle Database 12c?Why Upgrade to Oracle Database 12c?
Why Upgrade to Oracle Database 12c?
 
Guía de implementación iso 27001:2013
Guía de implementación iso 27001:2013Guía de implementación iso 27001:2013
Guía de implementación iso 27001:2013
 
WebLogic 12c & WebLogic Mgmt Pack
WebLogic 12c & WebLogic Mgmt PackWebLogic 12c & WebLogic Mgmt Pack
WebLogic 12c & WebLogic Mgmt Pack
 
artificial intelligence
artificial intelligenceartificial intelligence
artificial intelligence
 

Ähnlich wie nextcomputing-packet-continuum

Spectrum Scale final
Spectrum Scale finalSpectrum Scale final
Spectrum Scale final
Joe Krotz
 
Automating Research Data Management at Scale with Globus
Automating Research Data Management at Scale with GlobusAutomating Research Data Management at Scale with Globus
Automating Research Data Management at Scale with Globus
Globus
 
Intel open stack-summit-session-nov13-final
Intel open stack-summit-session-nov13-finalIntel open stack-summit-session-nov13-final
Intel open stack-summit-session-nov13-final
Deepak Mane
 

Ähnlich wie nextcomputing-packet-continuum (20)

Continuum pcap-oem
Continuum pcap-oemContinuum pcap-oem
Continuum pcap-oem
 
ClickHouse Paris Meetup. Pragma Analytics Software Suite w/ClickHouse, by Mat...
ClickHouse Paris Meetup. Pragma Analytics Software Suite w/ClickHouse, by Mat...ClickHouse Paris Meetup. Pragma Analytics Software Suite w/ClickHouse, by Mat...
ClickHouse Paris Meetup. Pragma Analytics Software Suite w/ClickHouse, by Mat...
 
Azure Event Hubs - Behind the Scenes With Kasun Indrasiri | Current 2022
Azure Event Hubs - Behind the Scenes With Kasun Indrasiri | Current 2022Azure Event Hubs - Behind the Scenes With Kasun Indrasiri | Current 2022
Azure Event Hubs - Behind the Scenes With Kasun Indrasiri | Current 2022
 
Spectrum Scale final
Spectrum Scale finalSpectrum Scale final
Spectrum Scale final
 
WarsawITDays_ ApacheNiFi202
WarsawITDays_ ApacheNiFi202WarsawITDays_ ApacheNiFi202
WarsawITDays_ ApacheNiFi202
 
GPA Software Overview R3
GPA Software Overview R3GPA Software Overview R3
GPA Software Overview R3
 
Distributed Tracing with OpenTracing, ZipKin and Kubernetes
Distributed Tracing with OpenTracing, ZipKin and KubernetesDistributed Tracing with OpenTracing, ZipKin and Kubernetes
Distributed Tracing with OpenTracing, ZipKin and Kubernetes
 
Automating Research Data Management at Scale with Globus
Automating Research Data Management at Scale with GlobusAutomating Research Data Management at Scale with Globus
Automating Research Data Management at Scale with Globus
 
Intel open stack-summit-session-nov13-final
Intel open stack-summit-session-nov13-finalIntel open stack-summit-session-nov13-final
Intel open stack-summit-session-nov13-final
 
The Application-Centric Cloud: Why the Network Still Matters
The Application-Centric Cloud:  Why the Network Still MattersThe Application-Centric Cloud:  Why the Network Still Matters
The Application-Centric Cloud: Why the Network Still Matters
 
OpenStack High Availability
OpenStack High AvailabilityOpenStack High Availability
OpenStack High Availability
 
OpenStack HA
OpenStack HAOpenStack HA
OpenStack HA
 
Global Data Stream Network for Internet of Things
Global Data Stream Network for Internet of ThingsGlobal Data Stream Network for Internet of Things
Global Data Stream Network for Internet of Things
 
HPC and cloud distributed computing, as a journey
HPC and cloud distributed computing, as a journeyHPC and cloud distributed computing, as a journey
HPC and cloud distributed computing, as a journey
 
Intro to Apache Apex - Next Gen Platform for Ingest and Transform
Intro to Apache Apex - Next Gen Platform for Ingest and TransformIntro to Apache Apex - Next Gen Platform for Ingest and Transform
Intro to Apache Apex - Next Gen Platform for Ingest and Transform
 
Solera Networks
Solera NetworksSolera Networks
Solera Networks
 
Maximizing Real-Time Data Processing with Apache Kafka and InfluxDB: A Compre...
Maximizing Real-Time Data Processing with Apache Kafka and InfluxDB: A Compre...Maximizing Real-Time Data Processing with Apache Kafka and InfluxDB: A Compre...
Maximizing Real-Time Data Processing with Apache Kafka and InfluxDB: A Compre...
 
Architectual Comparison of Apache Apex and Spark Streaming
Architectual Comparison of Apache Apex and Spark StreamingArchitectual Comparison of Apache Apex and Spark Streaming
Architectual Comparison of Apache Apex and Spark Streaming
 
Event Hub (i.e. Kafka) in Modern Data Architecture
Event Hub (i.e. Kafka) in Modern Data ArchitectureEvent Hub (i.e. Kafka) in Modern Data Architecture
Event Hub (i.e. Kafka) in Modern Data Architecture
 
Dror goldenberg
Dror goldenbergDror goldenberg
Dror goldenberg
 

Mehr von blabadini

nextcomputing-edge
nextcomputing-edgenextcomputing-edge
nextcomputing-edge
blabadini
 
nucleus-rm-capture-20x2
nucleus-rm-capture-20x2nucleus-rm-capture-20x2
nucleus-rm-capture-20x2
blabadini
 
Flextop Overview
Flextop OverviewFlextop Overview
Flextop Overview
blabadini
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
blabadini
 
V Evohd Intel
V Evohd IntelV Evohd Intel
V Evohd Intel
blabadini
 

Mehr von blabadini (8)

nextcomputing-edge
nextcomputing-edgenextcomputing-edge
nextcomputing-edge
 
nucleus-rm-capture-20x2
nucleus-rm-capture-20x2nucleus-rm-capture-20x2
nucleus-rm-capture-20x2
 
Flextop Overview
Flextop OverviewFlextop Overview
Flextop Overview
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Nd Evo Plus
Nd Evo PlusNd Evo Plus
Nd Evo Plus
 
Radius Le
Radius LeRadius Le
Radius Le
 
V Evohd Intel
V Evohd IntelV Evohd Intel
V Evohd Intel
 
Radius Ex
Radius ExRadius Ex
Radius Ex
 

nextcomputing-packet-continuum

  • 1. Page 1 of 7 Rev 1.0b—10/15 INNOVATIVE, OPEN, MASSIVELY SCALABLE PACKET CAPTURE SOFTWARE Packet Continuum is a powerful, massively-scalable software architecture that offers lossless packet capture, fast query retrieval, and real-time event alerting. With unique special features like in-line data compression and an open architecture, Packet Continuum makes the most of your resources, dramatically lowering the cost of creating long, rapidly-searchable forensic capture timelines. Its ability to process, store, and search across a cluster of systems lets you build the right solution for any size network application for cyber security or performance. NextComputing offers complete packet capture solutions by combining the Packet Continuum software with high-performance platforms in a variety of form factors (see last page for details). Whether you need maximum density, space-saving compact systems, a unique portable solution, or you want to utilize your existing infrastructure of commodity servers, NextComputing has the perfect solution for you. Federate multiple capture sites, anywhere! Lossless Packet Capture, with Deterministic Performance Scalable, Lightweight, MapReduce Cluster Architecture Extended Forensic Timeline and Storage Features Intuitive Web GUI and RESTful Interface Real-Time Packet Analytics User-Defined & Dynamic Critical IOC Alerts
  • 2. Page 2 of 7 Rev 1.0b—10/15 Lossless Packet Capture, With Deterministic Performance Packet Continuum provides a performance guarantee for a set of real-time packet analytics functions, at a sustained lossless capture rate, and a specified number of Packet Continuum cluster nodes. This means a deterministic guarantee to capture every packet under real world conditions, not just a “best effort” attempt. Conditions of maximum network stress are key to discovering the hidden performance problem or cyber security threat. • Lossless packet capture from 1Gbps to 40Gbps • Time stamping of 150 nanoseconds, using generic network interfaces instead of expensive specialized capture cards • Real time indexing, for efficient query and retrieval of retrospective PCAP data • Real time packet analytics, to generate Indicators of Compromise (IOC) alerts • Scalable architecture to meet your speed and/or analytics requirements • The ability to “federate” multiple cluster-based capture systems, for global visibility and PCAP retrieval Scalable, Lightweight, MapReduce Cluster Architecture The Packet Continuum cluster-based architecture can scale up smoothly to accommodate any combination of desired goals for capture speed, custom alerting, and extended forensic timeline creation. • Scalable to multiple nodes; simply adding cluster nodes will increase packet analytics capacity, sustained capture rates, and (of course) storage capacity • Packet processing is distributed to cluster nodes • PCAP storage and index tables are distributed to cluster nodes • Dynamic node management, including redundancy and hot-swap / expand Extended Forensic Timeline and Storage Features Packet Continuum offers many features to lower the cost of maintaining very long timelines, on a massive scale. 
• Overall storage amplification up to 20x (depending on percentage of traffic with SSL encrypted or compressed packet payloads) • Forensic timeline that is scalable, distributed and searchable over days, and weeks, depending on average capture rate • Even for very long timelines, queries respond with stream-based extracted packets, so analysis can occur in parallel with data retrieval • Massive queries over large timelines respond quickly, even as the timeline increases • Federated search across multiple Packet Continuum appliances at diverse geographic locations, without any “concentrator” servers as intermediaries • Policy-driven packet capture in coordination with 3rd party analytics solutions Intuitive Web GUI and Restful Interface Manage and control multiple devices and review a continuous log of alerts, which auto-populate query requests, to drill down to find and extract the PCAP files you need. • A common interface across all platforms • Log and metadata information visualization, search, and packet viewing • Manage multiple clusters and nodes as a federated system • Remote access, automation, and control through your own choice of analytics application and framework
  • 3. Page 3 of 7 Rev 1.0b—10/15 Real-Time Packet Analytics These packet analytics features are standard on all platform configurations for Packet Continuum: • Real-Time Indexing: Every packet gets a timestamp and 5-tuple index, which includes IP address source/destination, port source/ destination, and protocol (IP, UDP, ICMP). • Real-time Data Compression: In-line packet compression is transparent to the user. All packets are compressed as they are captured, and all extracted PCAP files are decompressed. • Real-Time Indicator of Compromise (IOC) Events: Active Trigger and Packet Analytics alerts generate event logs (or IPFIX records), which appear within the web GUI as a scrolling window. Any alert can be used to populate a BPF query to retrieve the associated PCAP data. • Open BPF Search: Run one or more simultaneous PCAP search queries, based on a user-defined BPF descriptor (e.g. 5-tuples within a time period). There is an active queue of waiting queries, and all PCAP query results are streamed in “chunks”, the first of which appear almost immediately after the query initiates. • Streamed PCAP Results: All PCAP query results are streamed in “chunks”, allowing partial results to be analyzed while the remaining query is completed, the first of which appear almost immediately after the query initiates. User-Defined & Dynamic Critical IOC Alerts Whatever Indicators of Compromise (IOC) are most critical for your application, you may choose what you need, and change them dynamically. These packet analytics features are options which a user may turn on and off as needed for optimal performance: • Active Trigger Alerts: Multiple BPF-based event logging alerts can be established for a “look forward” capability. • Full Session IDs: Each complete session or connection can be logged with a unique session ID, so that the requesting application can collect data about network activity, and request a PCAP file for any complete TCP session. 
• RFC Anomaly Detection: Detect and log hundreds of “unusual behavior” events which closely correlate to non-compliance with IETF RFCs. • File Logging for In/ Exfiltration: When Packet Continuum detects a file attachment or transfer, it logs the event along with a standard file hash identifier. • HTTP Event Logging: Log HTTP sessions along with key metadata like first URL. • FTP/GridFTP: Log FTP sessions, along with key metadata such as file hash. • IPFIX Record Output: As an alternative to high-speed logs, IPFIX standard data export is possible, allowing third party IPFIX data collection devices to receive event data from Packet Continuum. • Multiple Open BPF Searches: A specified number (more than one) of open BPF searches can be run for simultaneous “look back” searches of the historical PCAP repository. • Custom Packet Analytics: NextComputing works closely with OEMs and end users to implement specialized event detection, metadata extraction, and session post-processing applications.
Packet Continuum Capture Workflow (diagram)
Incident Response Workflow: Human cyber investigation team at an end-user enterprise / agency (diagram)

Incident Response Workflow: Automated and driven by OEM solutions and 3rd party tools (diagram)

Use Cases
• Incident Response Workflow
• Event-to-PCAP Correlation
• Policy-Driven Packet Capture
• Automated File Detection
• Selective DPI Analytics
• Fast DPI Analytics
• Look-Back + Look-Forward Actions
• Full Context PCAP Extraction
• Offload Resource-Intensive Operations
• Entry-Level Platforms
• Adaptive PCAP Algorithms

Use Cases
• Incident Response Workflow
• Importing IOC alerts
• User-Created Scripts
• Data exfiltration
• Bring PCAP evidence to court
• Botnet Command-and-Control activity
• Search for user anomalous behavior
• Forensic traffic analysis
• Network Behavior Anomaly Detection (NBAD)
• Integration of real-time threat intelligence
• Encrypted Traffic analysis
All Packet Continuum platforms are cluster-ready, have a common REST API and Web GUI, and federate together as a global system.

Platform types
• Enterprise-Grade: Enterprise Extreme, Enterprise, Enterprise Lite
• Deployable: Deployable Extreme, Deployable Enterprise
• Portable: Portable, Portable Rugged

Purchase options and support
• Enterprise-Grade: Integrated capture appliance, or a software license for deployment on customer-purchased enterprise-grade servers (license terms cover platform specs, integration, support, etc.). Global hardware support direct from the enterprise-grade computer vendor; software support from NextComputing.
• Deployable: Integrated capture appliance. Full appliance support from NextComputing.
• Portable: Integrated capture appliance. Full appliance support from NextComputing.

Capture rates below are aggregate lossless capture rates with basic packet analytics. Additional cluster nodes increase capture rate, forensic timeline, and/or advanced packet analytics.

Enterprise Extreme
• Capture interface options: 2 x 10G ports, 4 x 10G ports, or 4 x 1G ports
• Capture rate: up to 15Gbps with no cluster nodes; up to 20Gbps with 2+ nodes; up to 40Gbps with 6+ nodes
• Forensic timeline, master node: PCAP storage of 20TB physical, up to 400TB with amplification
• Forensic timeline, cluster node: PCAP storage of 100TB physical, up to 2PB with amplification
• Max system capacity: 28 nodes, for total PCAP storage of 2.8PB physical, up to 56PB with amplification
• Physical, master node: 4U rackmount, 31.59" (802.39mm) depth
• Physical, cluster node: 2U rackmount, 26.92" (683.77mm) depth

Enterprise
• Capture interface options: 2 x 10G ports
• Capture rate: up to 5Gbps with no cluster nodes; up to 10Gbps with 2+ nodes; up to 20Gbps with 6+ nodes
• Forensic timeline, master node: PCAP storage of 20TB physical, up to 400TB with amplification
• Forensic timeline, cluster node: PCAP storage of 100TB physical, up to 2PB with amplification
• Max system capacity: 8 nodes, for total PCAP storage of 820TB physical, up to 16PB with amplification
• Physical, master node: 2U rackmount, 26.92" (683.77mm) depth
• Physical, cluster node: 2U rackmount, 26.92" (683.77mm) depth

Enterprise Lite
• Capture interface options: 1 x 1G port
• Capture rate: up to 500Mbps with no cluster nodes; up to 1Gbps with 2+ nodes
• Forensic timeline, master node: PCAP storage of 40TB physical, up to 800TB with amplification
• Forensic timeline, cluster node: PCAP storage of 100TB physical, up to 2PB with amplification
• Max system capacity: 8 nodes, for total PCAP storage of 820TB physical, up to 16PB with amplification
• Physical, master node: 2U rackmount, 26.92" (683.77mm) depth
• Physical, cluster node: 2U rackmount, 26.92" (683.77mm) depth

Deployable Extreme
• Capture interface options: 2 x 10G ports, 4 x 10G ports, or 4 x 1G ports
• Capture rate: up to 40Gbps with no cluster nodes
• Forensic timeline, master node: PCAP storage of 20TB physical, up to 400TB with amplification
• Forensic timeline, cluster node: PCAP storage of 20TB physical, up to 400TB with amplification
• Max system capacity: 8 nodes, for total PCAP storage of 180TB physical, up to 3.6PB with amplification
• Physical, master node: 3U x 20" (508mm) depth
• Physical, cluster node: 3U x 20" (508mm) depth

Deployable Enterprise
• Capture interface options: 2 x 10G ports
• Capture rate: up to 20Gbps with no cluster nodes
• Forensic timeline, master node: PCAP storage of 10TB physical, up to 200TB with amplification
• Forensic timeline, cluster node: PCAP storage of 10TB physical, up to 200TB with amplification
• Max system capacity: 8 nodes, for total PCAP storage of 90TB physical, up to 1.8PB with amplification
• Physical, master node: 2U x 17" (431.8mm) depth
• Physical, cluster node: 2U x 17" (431.8mm) depth

Portable
• Capture interface options: 1 x or 2 x 10G, or 4 x 1G fiber SFP+
• Capture rate: up to 20Gbps with no cluster nodes
• Forensic timeline, master node: PCAP storage of 20TB physical, up to 400TB with amplification
• Forensic timeline, cluster node: PCAP storage of 20TB physical, up to 400TB with amplification
• Max system capacity: 8 nodes, for total PCAP storage of 180TB physical, up to 3.6PB with amplification
• Physical, master node: Briefcase-size portable
• Physical, cluster node: Briefcase-size portable

Portable Rugged
• Capture interface options: 1 x or 2 x 10G, or 4 x 1G fiber SFP+
• Capture rate: up to 20Gbps with no cluster nodes
• Forensic timeline, master node: PCAP storage of 20TB physical, up to 400TB with amplification
• Forensic timeline, cluster node: PCAP storage of 20TB physical, up to 400TB with amplification
• Max system capacity: 8 nodes, for total PCAP storage of 180TB physical, up to 3.6PB with amplification
• Physical, master node: Rugged portable with optional fold-out displays
• Physical, cluster node: Rugged portable
Forensic timeline by average capture rate and PCAP capture store (physical or amplified storage capacity):

Rate       20TB        100TB       400TB       800TB      2PB        16PB       56PB
0.5Gbps    3.8 days    19 days     76 days     152 days   1.1 years  8.5 years  29.8 years
1.0Gbps    1.9 days    9.5 days    38 days     76 days    194 days   4.3 years  14.9 years
5Gbps      9.1 hours   1.9 days    7.6 days    15 days    39 days    311 days   3.0 years
10Gbps     4.6 hours   22.8 hours  3.8 days    7.6 days   19 days    155 days   1.5 years
20Gbps     2.3 hours   11.4 hours  1.9 days    3.8 days   10 days    78 days    272 days
40Gbps     1.1 hours   5.7 hours   22.8 hours  1.9 days   5 days     39 days    136 days

The original chart shades each cell into one of four timeline bands: up to 24 hours, up to 2 weeks, up to 12 months, and 1+ years.

This document is for informational purposes only. Updates and changes can occur without notice. All logos, trademarks, and service marks are the property of their respective owners. Copyright © NextComputing, all rights reserved.

NextComputing, 4 Townsend West, Building 17, Nashua, NH 03063. Phone: 1 (603) 886-3874 • Fax: 1 (603) 886-1736. www.NextComputing.com • sales@Nextcomputing.com