Overview
PART I: Cyber & Our Solution
PART II: Technical Details
Founded in 2008 by 2 R&D directors from Allot Communications
Extensive experience in networking, infrastructure, intelligence, data aggregation
Current customers include: government, enterprises and mobile operators
High-performance solutions for Network Intelligence (URL Filtering, Load Balancing and Network Analytics for Layer 7)
Security Solutions for Network Forensics
About Agata
Intellectual Property (IP) is not safe
Man in the middle attacks by criminals
Data theft
Financial theft
Espionage
Organization is legally liable
Risks and Threats From Cyber
Focus on malware signatures – won't find the infected machines
Real-time (and back-in-time) analysis of data. Find threats by:
Analyzing unknown or suspicious files to uncover malicious behaviors
Using packet captures (PCAP) to record the unknown traffic
Utilizing behavioral botnet reports
Identify unknown mobile users, known exploits, remote users
Identify unknown geographical (and domain) sources of traffic
Analyze download history and content
20 Gbps Continuous packet capture with nanosec time stamping
Agata Forensics Solution
Record – Analyze – Track
Using Agata DPI Probe for 20Gbps traffic
High speed Layer-7 analysis (Meta data) and storage of data
Probe Network hierarchy: Passive tapping
Processing/collecting information based on tens of thousands of filters
Redirecting filtered traffic to external servers for advanced analysis
Using the following Agata capabilities:
Filter/Layer-7 classification engine
Traffic decapsulation (MPLS, PPPoE)
Up to 50,000 overlapping policy rules
Rules are defined by conditions and actions
Integration with advanced storage and analysis systems
Filtered sessions enriched with DPI results (App ID)
Agata Use Case: Very Large Traffic Analysis at an Asian Network (millions of users)
DPI Engine
Data Collection
Reports
L7 Load Balancing
URL Filtering
Hardware Configurations
PART II: Agata Technical Details
Agata’s Network Intelligence is based on an advanced dynamic DPI engine for high speed
networks, data aggregation (big data) and analysis tools.
Agata’s DPI-based probes support up to 20Gbps per blade.
The probes are based on Broadcom XLP Multicore processors or Cavium Octeon.
Dynamic DPI engine
Topology
Network analytics with session statistics and protocol/application metadata extraction. The DPI engine identifies more than 1,000 applications and protocols (e.g. Skype,
Facebook, YouTube, Emails, etc.) and detects non-standard/untrusted traffic and traffic header modification.
Provides full visibility and the ability to find the relevant data with easy to use tools
Extensive set of on-demand/scheduled reports and graphs
Extraction of network, metadata, subscriber and device information
Conversion of network traffic into content (Web pages, Emails & attachments, Instant Messages, VoIP)
Keyword searching using regex in collected and indexed data and content
Alerts and actions
A centralized dashboard view
Network Analytics
List of unknown encrypted sessions
List of email attachments that were sent during certain time window
Report on user’s traffic anomaly (e.g. access from Dev department to Finance department)
Report of sessions to unknown external geo-location
Report on file sharing application usage: Dropbox, Skype, Google drive.
Report on remote control sessions: SSH, Telnet, RDP, Teamviewer
Content-based reports – list of content containing specific regular expressions
Event report (identify event anomaly such as change in protocol headers)
Cyber Forensics Reports – examples
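As an added example (not Agata's code), the following builds four of the report types listed above from constructed session metadata records carrying the fields the page lists under Collected Information (timestamp, subscriber, source/destination IP and port, application). The department layout, the internal address range and the geo-location table are assumptions standing in for a site configuration and a GeoIP database.

```python
import ipaddress
from collections import Counter

# Constructed sample session records (not real traffic), using the fields the
# page lists under Collected Information.
SESSIONS = [
    {"ts": "2024-05-01T09:00", "subscriber": "dev-ws-01", "src_ip": "10.1.10.5", "dst_ip": "10.2.20.7", "dst_port": 445, "app": "SMB"},
    {"ts": "2024-05-01T09:05", "subscriber": "dev-ws-02", "src_ip": "10.1.10.6", "dst_ip": "203.0.113.9", "dst_port": 22, "app": "SSH"},
    {"ts": "2024-05-01T09:07", "subscriber": "fin-ws-03", "src_ip": "10.2.20.3", "dst_ip": "198.51.100.4", "dst_port": 443, "app": "Dropbox"},
    {"ts": "2024-05-01T09:10", "subscriber": "dev-ws-01", "src_ip": "10.1.10.5", "dst_ip": "192.0.2.77", "dst_port": 3389, "app": "RDP"},
    {"ts": "2024-05-01T09:12", "subscriber": "fin-ws-03", "src_ip": "10.2.20.3", "dst_ip": "10.2.20.9", "dst_port": 80, "app": "HTTP"},
]

INTERNAL = ipaddress.ip_network("10.0.0.0/8")                     # assumed corporate range
DEPARTMENTS = {ipaddress.ip_network("10.1.10.0/24"): "Dev",       # assumed site layout
               ipaddress.ip_network("10.2.20.0/24"): "Finance"}
# Assumed geo table keyed by prefix; a stand-in for a real GeoIP database.
KNOWN_GEO = {ipaddress.ip_network("203.0.113.0/24"): "Local-ISP"}
REMOTE_CONTROL = {"SSH", "Telnet", "RDP", "TeamViewer"}
FILE_SHARING = {"Dropbox", "Skype", "Google Drive"}

def department(ip):
    """Department owning an internal address, or None if not in the layout."""
    addr = ipaddress.ip_address(ip)
    return next((d for net, d in DEPARTMENTS.items() if addr in net), None)

def remote_control_report(sessions):
    """Remote control sessions as (subscriber, application, destination)."""
    return [(s["subscriber"], s["app"], s["dst_ip"])
            for s in sessions if s["app"] in REMOTE_CONTROL]

def file_sharing_report(sessions):
    """Usage count per file sharing application."""
    return Counter(s["app"] for s in sessions if s["app"] in FILE_SHARING)

def cross_department_report(sessions, src_dep="Dev", dst_dep="Finance"):
    """Traffic anomaly: subscribers in src_dep opening sessions into dst_dep."""
    return [s["subscriber"] for s in sessions
            if department(s["src_ip"]) == src_dep and department(s["dst_ip"]) == dst_dep]

def unknown_geo_report(sessions):
    """External destinations the geo table cannot place, with session counts."""
    unknown = Counter()
    for s in sessions:
        dst = ipaddress.ip_address(s["dst_ip"])
        if dst in INTERNAL or any(dst in net for net in KNOWN_GEO):
            continue
        unknown[s["dst_ip"]] += 1
    return dict(unknown)
```

The same functions run unchanged over records exported from a CSV or SQL interface as long as each row is mapped to the field names used here.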
Collected Information
Network Data Examples
• Unique ID
• Timestamp
• Site
• Subscriber Name/ID
• Statistics: Session Duration, Bytes In/Out, Packets In/Out, Live Connections
• Networking: Source/Destination MAC addresses, Encapsulation, Protocol Type (IP/TCP/UDP), Source IP and Port, Destination IP and Port, Protocol/Application Information from packet header/data
Statistics reports and graphs
Per-session statistics (Bytes/Packets and Connections) on the network traffic are collected constantly.
An administrator can generate a large variety of on-demand and scheduled reports and graphs.
The report generator interface allows drilling down from an all-network view to a single-session view.
Metadata reports
Application metadata is collected constantly.
The system collects metadata on applications like WhatsApp, HTTP, VoIP, Emails, etc.
The metadata can be exported via CSV files or an SQL-based DB interface.
Reports
Advanced Layer 4 and Layer 7 load balancing
The filters and classification engine supports up to 50,000 overlapping policy rules and
the rules are defined by conditions and actions
The supported load balancing algorithms are:
Round robin
Weighted round robin
Least loaded port
Least connections per port
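As an added example (not Agata's code), the four port-selection algorithms listed above implemented over a small set of constructed output ports, so that their selection order can be compared on the same starting state. Port names, weights, initial loads and the per-session load increment are all assumptions made for the demonstration.

```python
import itertools

class Port:
    """One output port of the balancer with the state each algorithm consults."""
    def __init__(self, name, weight=1, load_bps=0, connections=0):
        self.name = name
        self.weight = weight            # weighted round robin
        self.load_bps = load_bps        # least loaded port
        self.connections = connections  # least connections per port

class Balancer:
    def __init__(self, ports, algorithm):
        self.ports = ports
        self.algorithm = algorithm
        self._rr = itertools.cycle(ports)
        # Weight 3 means the port appears three times in each cycle.
        self._wrr = itertools.cycle([p for p in ports for _ in range(p.weight)])

    def select(self, session_bps=200):
        """Pick the port for a new session; session_bps is the assumed load it adds."""
        if self.algorithm == "round_robin":
            port = next(self._rr)
        elif self.algorithm == "weighted_round_robin":
            port = next(self._wrr)
        elif self.algorithm == "least_loaded":
            port = min(self.ports, key=lambda p: p.load_bps)
        elif self.algorithm == "least_connections":
            port = min(self.ports, key=lambda p: p.connections)
        else:
            raise ValueError(f"unknown algorithm: {self.algorithm}")
        port.connections += 1
        port.load_bps += session_bps
        return port.name

    def release(self, name, session_bps=200):
        """A session on port `name` ended: give back its connection and load."""
        port = next(p for p in self.ports if p.name == name)
        port.connections -= 1
        port.load_bps -= session_bps

def simulate(algorithm, n=6):
    """Assign n new sessions from a constructed starting state; return chosen ports."""
    ports = [Port("p1", weight=3, load_bps=900, connections=2),  # busiest link
             Port("p2", weight=1),
             Port("p3", weight=2, load_bps=100)]
    lb = Balancer(ports, algorithm)
    return [lb.select() for _ in range(n)]
```

Running simulate with each algorithm name shows that round robin ignores port state entirely, while the least loaded and least connections variants steer new sessions away from the busy port p1 until the others catch up.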
Layer 7 Load Balancer
An online content filter is required to protect users (mobile and others) at risk
HTTP/HTTPS support
URL filtering by category
File type blocking
SSL Inspection
Application Control
P2P and IM blocking
Internet applications blocking
IP and Port blocking
Provides social media behaviour reports
URL Filtering
Probe – Hardware Option 1: HP Server + Cavium Octeon PCIe card
Probe – Hardware Option 2: Broadcom XLP
Thank You
Udi Levin
C. +972.544.510670