Clusterpoint Network Traffic Surveillance System

… or how to enforce your network security policies

June, 2011

Ģirts Palejs


London Subway Bombing, 2005

  • During the investigations into the London bombings in 2005:

  • 90,000 hard drives and video tapes from CCTV systems were seized,

  • 100 computers,

  • 500,000 pages of photocopying,

  • 4000 exhibits, 70 telephones and 10,000 statements.


Fast, real-time & secure access to records of all online interactions (email, Web browsing, chats, file and document exchange, images, video/audio etc.) is needed for complete data forensics


Clusterpoint Network Traffic Surveillance System is an enterprise-level corporate network traffic security solution

  • It serves as:

    • Network Traffic Recording and Reengineering Platform

    • Long-term Data Retention & Full Content Search Platform

    • Risk Monitoring, Alerting & Data Loss Investigation Platform


Clusterpoint NTSS collects data on ALL user & machine network activities

1. All TCP & UDP traffic IP packets between customer and Internet get forwarded to NTSS (by tapping a network switch or gateway link; no proxies or software agents on user PCs needed).

2. IP packets are reengineered back to application-level information units (web pages viewed, e-mails sent, documents transferred, images, video/audio, chat sessions etc.).

3. All reengineered and analysed information is fully indexed and stored in the Clusterpoint Server database.

Diagram labels: Internet traffic, IP packets, Decoder, NTSS database (entirely searchable & scalable)

  • 4. Easy-to-use web interface provides the necessary tools to:

    • get quick situation overviews,

    • search through the collected data,

    • receive alerts on user defined criteria,

    • follow up on network user activities,

    • preview the reconstructed information.
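
Steps 1 to 3 above, reduced to their core, as an added example that is not Clusterpoint's code: tapped TCP segments are grouped per flow, rebuilt into the application byte stream (tolerating reordering, retransmission and loss), then indexed for keyword search. The segment tuples, addresses and function names are constructed for illustration, and sequence-number wraparound is ignored.

```python
import re
from collections import defaultdict

# Constructed sample of tapped segments: (src, sport, dst, dport, tcp_seq, payload).
# They arrive out of order and one segment is retransmitted.
SEGMENTS = [
    ("10.0.0.5", 40312, "192.0.2.25", 25, 1028, b"Subject: Q3 forecast\r\n"),
    ("10.0.0.5", 40312, "192.0.2.25", 25, 1000, b"MAIL FROM:<a@corp.example>\r\n"),
    ("10.0.0.5", 40312, "192.0.2.25", 25, 1000, b"MAIL FROM:<a@corp.example>\r\n"),
    ("10.0.0.5", 40312, "192.0.2.25", 25, 1050, b"confidential draft\r\n"),
    ("10.0.0.9", 51000, "198.51.100.7", 80, 500, b"GET /news HTTP/1.1\r\n"),
]

def reassemble(segments):
    """Group segments by flow and rebuild each byte stream in sequence order."""
    flows = defaultdict(list)
    for src, sport, dst, dport, seq, data in segments:
        flows[(src, sport, dst, dport)].append((seq, data))
    streams = {}
    for flow, segs in flows.items():
        segs.sort(key=lambda s: s[0])
        next_seq, out = segs[0][0], bytearray()
        for seq, data in segs:
            if seq > next_seq:             # gap: a segment was lost at the tap
                break                      # keep only the contiguous prefix
            fresh = data[next_seq - seq:]  # skip bytes already seen (retransmit/overlap)
            out += fresh
            next_seq += len(fresh)
        streams[flow] = bytes(out)
    return streams

def build_index(streams):
    """Inverted index: lowercase token -> set of flows whose payload contains it."""
    index = defaultdict(set)
    for flow, payload in streams.items():
        for tok in re.findall(r"[a-z0-9]+", payload.decode("latin-1").lower()):
            index[tok].add(flow)
    return index

def search(index, *keywords):
    """Flows containing every keyword (AND query), the shape an alert rule needs."""
    hits = [index.get(k.lower(), set()) for k in keywords]
    return set.intersection(*hits) if hits else set()

if __name__ == "__main__":
    idx = build_index(reassemble(SEGMENTS))
    print(search(idx, "confidential", "forecast"))
```

A record that stops at a gap is incomplete evidence, so a real capture pipeline should flag truncated streams rather than index them silently.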


Search Internet-style with Simple Keyword Suggestions


Detailed Search Results


Complete Information Previews


Email and Attachment Preview


Be In Control of the Unpredictable

Anti-virus software,

Port filters,

Proxies,

Firewalls,

Application firewalls,

Software Agents

... they all mostly deal with predictable, pre-defined, already known threats or anomalies.

Clusterpoint NTSS collects all network traffic data regardless of predefined assumptions, and therefore helps to pinpoint and discover unforeseen security threats.

In particular, providing sub-second full content search and database scalability for tens of gigabytes of traffic per day, it is an indispensable tool for quickly tracking down suspected cyber-security incidents.

Why Clusterpoint NTSS

Use cases


  • Control Acceptable Use Policy

  • Easily point out Acceptable Use Policy violations, either by manually locating the incidents, or setting up automated Alerts.


Such discoveries directly help to improve online security policies


  • “Insider” Trading and Information Theft Monitoring

  • Set up alerts to warn IT security when documents with specific contents are sent out to a specific or just any destination on the Internet.


Receive alert when documents containing specific keyword(s) or metadata are sent to external e-mails or web-mail accounts.


  • Deal with negative publicity from local sources

  • Monitor what local employees are posting regarding your company on public Internet resources.


Facebook Virgin Airlines Fiasco

“... firing ‘13 flight attendants for criticising the airline’s flight safety standards and describing its passengers as “chavs” on a social networking website’.”


  • Discover long-standing data security threats.

  • Some security breaches are not obvious in real-time, short-term monitoring.

  • Having access to transaction data over several months can help to pinpoint planned long-term attacks.


  • Monitor Internet and e-mail use and abuse.

  • Clusterpoint NTSS controls and reports data about real Internet and e-mail use and makes it easy to spot usage anomalies.


Be in control in cases of unauthorized access to your network

Clusterpoint NTSS monitors actual traffic in and out of your network – so any network activities by unauthorized network users will be monitored and recorded for later investigation.


  • Have a complete, reliable and searchable backup of all e-mail traffic from the company, including web-mails.

  • Clusterpoint NTSS stores and makes fully searchable all e-mail communications in and out of your company. Search in:

    • e-mail contents or metadata;

    • attached documents;

    • webmail.


  • Seamless linear scalability

    • Clustering allows for seamless and linear system scalability to accommodate ever-growing volumes of Internet traffic.

Why Clusterpoint NTSS

What makes us unique

NTSS servers in the cluster:

Traffic information stored: 3 months, 6 months, 2 years

250 users, 500 users, thousands of users



Diagram labels: Customer network, Clusterpoint NTSS, Internet



Totally indexed XML database

Perfect for unstructured data transmitted over Internet



Outperforming data storage solutions based on legacy SQL systems by a factor of > 100


  • No proxies and client PC agent software necessary!!!

  • Operates in stealth-mode attached to a network switch or as a transparent gateway bridge for data capture (e.g., on the Internet link)

  • Captures all traffic, including from PDAs, smart-phones, iPads, printers and other devices attached to the corporate network or using the corporate internal WiFi network.


Security personnel can use it as a ‘black-box’ for automatic recording of all network traffic and manage it directly without the assistance of 3rd parties


Integrate NTSS database XML records with your existing IT security applications

Upload digital key-pass entry control data or video monitoring data records for easy cross-link access

Diagram labels: Authorized users; Security application services; Clusterpoint API (XML); Existing databases; NTSS database (entirely searchable & scalable); Clusterpoint NTS (multi-server cluster); Security auditing and monitoring data


  • Make the complete archive of all your network traffic with Clusterpoint NTSS

  • Make it meaningful by retrieving, storing and indexing application data into an entirely indexed and instantly searchable database

  • Make it a freely scalable database for long-term storage (months, probably years)

  • Do it cost-effectively using an inexpensive private cloud cluster database architecture: combined disk storage, RAM and CPU power of many networked commodity servers running Clusterpoint NTSS

  • Enjoy ultra-fast, user-friendly, Internet-style search providing relevant and fast answers

Summary

Quickly track down network transactions related to cyber-security incidents and even “replay” them step by step, like on a “time machine”; restore any past traffic for forensics and culprit evidence


Contacts

Web: www.clusterpoint.com

Email: [email protected]

SkypeID: clusterpoint

Thank You!

Ģirts Palejs

[email protected]

