Agata overview

Page 1: Agata overview

Overview

PART I: Cyber & Our Solution

PART II: Technical Details

Page 2: Agata overview

Founded in 2008 by 2 R&D directors from Allot Communications

Extensive experience in networking, infrastructure, intelligence, data aggregation

Current customers include: government, enterprises and mobile operators

High-performance solutions for Network Intelligence (URL Filtering, Load Balancing and Network Analytics for Layer 7)

Security Solutions for Network Forensics

About Agata

Page 3: Agata overview

Intellectual Property (IP) is not safe

Man in the middle attacks by criminals

Data theft

Financial theft

Espionage

Organization is legally liable

Risks and Threats From Cyber

Focus on malware signatures – won't find the infected machines

Page 4: Agata overview

Real-time (and Back-in-time) analysis of data

Find threats by:

Analyzing unknown or suspicious files to uncover malicious behaviors

Using packet captures (PCAP) to record the unknown traffic

Utilizing behavioral botnet reports

Identify unknown mobile users, known exploits, remote users

Identify unknown geographical (and domain) sources of traffic

Analyze download history and content

20 Gbps Continuous packet capture with nanosec time stamping

Agata Forensics Solution

Record – Analyze – Track

Page 5: Agata overview

Using Agata DPI Probe for 20Gbps traffic

High speed Layer-7 analysis (Meta data) and storage of data

Probe Network hierarchy: Passive tapping

Processing/collecting information based on tens of thousands of filters

Redirecting filtered traffic to external servers for advanced analysis

Using the following Agata capabilities:

Filter/Layer-7 classification engine

Traffic decapsulation (MPLS, PPPoE)

Up to 50,000 overlapping policy rules

Rules are defined by conditions and actions

Integration with advanced storage and analysis systems

Filtered sessions enriched with DPI results (App ID)

Agata Use Case: Very Large Traffic Analysis at Asian Network (millions of users)

Page 6: Agata overview

DPI Engine

Data Collection

Reports

L7 Load Balancing

URL Filtering

Hardware Configurations

PART II: Agata Technical Details

Page 7: Agata overview

Agata’s Network Intelligence is based on an advanced dynamic DPI engine for high speed networks, data aggregation (big data) and analysis tools.

Agata’s DPI based probes support up to 20Gbps per blade.

The probes are based on Broadcom XLP Multicore processors or Cavium Octeon.

Dynamic DPI engine

Page 8: Agata overview

Topology

Page 9: Agata overview

Network analytics with sessions statistics, Protocols/Applications metadata extraction.

The DPI engine identifies more than 1,000 applications and protocols (e.g. Skype, Facebook, YouTube, Emails, etc.) and detects Non-standard/untrusted traffic and Traffic headers modification.

Provides full visibility and ability to find the relevant data with easy to use tools

Extensive on-demand/scheduled reports and graphs

Extraction of network, metadata, subscribers, devices information

Convert network traffic into content (Web pages, Emails & attachments, Instant Messages, VoIP)

Keyword searching using regex in collected and indexed data and content

Alerts and actions

A centralized dashboard view

Network Analytics

Page 10: Agata overview

List of unknown encrypted sessions

List of email attachments that were sent during certain time window

Report on user’s traffic anomaly (e.g. access from Dev department to finance dep.)

Report of sessions to unknown external geo-location

Report on file sharing application usage: Dropbox, Skype, Google drive.

Report on remote control sessions: SSH, Telnet, RDP, Teamviewer

Content based reports – list of content containing specific regular expressions

Event report (identify event anomaly such as change in protocol headers)

Cyber Forensics Reports – examples

Page 11: Agata overview

Collected Information

Network Data Examples

• Unique ID
• Timestamp
• Site
• Subscriber Name/ID
• Statistics
  - Session Duration
  - Bytes In/Out
  - Packets In/Out
  - Live Connections
• Networking
  - Source/Destination MAC addresses
  - Encapsulation
  - Protocol Type: IP/TCP/UDP
  - Source IP and Port
  - Destination IP and Port
  - Protocol/Application
  - Information from packet header/data

Page 12: Agata overview

Statistics reports and graphs

Per session statistics (Bytes/Packets and Connections) on the network traffic are collected constantly

An administrator can generate a large variety of on-demand/scheduled reports and graphs

The report generator interface allows drilling down from an all-network view to a single session view

Metadata reports

Applications metadata is collected constantly

The system collects metadata on applications like WhatsApp, HTTP, VoIP, Emails, etc.

The metadata can be exported via CSV files or an SQL based DB interface.

Reports

Page 13: Agata overview

Advanced Layer 4 and Layer 7 load balancing

The filters and classification engine supports up to 50,000 overlapping policy rules and the rules are defined by conditions and actions

The supported load balancing algorithms are:

Round robin

Weighted round robin

Least loaded port

Least connections per port

Layer 7 Load Balancer

Page 14: Agata overview

An online content filter is needed to protect users (mobile and others) at risk

HTTP/HTTPS support

URL filtering by category

File type blocking

SSL Inspection

Application Control

P2P and IM blocking

Internet applications blocking

IP and Port blocking

Provides social media behaviour reports

URL Filtering

Page 15: Agata overview

Probe – Hardware Option 1

HP Server + Cavium Octeon PCIe card

Page 16: Agata overview

Probe – Hardware Option 2

Broadcom XLP

Page 17: Agata overview

Thank You

Udi Levin

C. +972.544.510670

M. [email protected]