Clusterpoint Network Traffic Surveillance System
This presentation is the property of its rightful owner.
Sponsored Links
1 / 23

Clusterpoint Network Traffic Surveillance System PowerPoint PPT Presentation


  • 187 Views
  • Uploaded on
  • Presentation posted in: General

Clusterpoint Network Traffic Surveillance System … or how to enforce your network security policies June, 2011 Ģirts Palejs. London Subway Bombing, 2005. During the investigations into the London bombings in 2005: 90,000 hard drives and video tapes from CCTV systems were seized,

Download Presentation

Clusterpoint Network Traffic Surveillance System

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Clusterpoint network traffic surveillance system

Clusterpoint Network Traffic Surveillance System

… or how to enforce your network security policies

June, 2011

Ģirts Palejs


Clusterpoint network traffic surveillance system

London Subway Bombing, 2005

  • During the investigations into the London bombings in 2005:

  • 90,000 hard drives and video tapes from CCTV systems were seized,

  • 100 computers,

  • 500,000 pages of photocopying,

  • 4000 exhibits, 70 telephones and 10,000 statements.


Clusterpoint network traffic surveillance system

Fast, real-time & secure access to records of all online interactions (email, Web browsing, chats, file and document exchange, images, video/audio etc.) is needed for complete data forensics


Clusterpoint network traffic surveillance system

Clusterpoint Network Traffic Surveillance System is an enterprise level corporate network traffic security solution

  • It serves as:

    • Network Traffic Recording and Reengineering Platform

    • Long-term Data Retention & Full Content Search Platform

    • Risk Monitoring, Alerting & Data Loss Investigation Platform


Clusterpoint ntss collects data on all user machine network activities

Clusterpoint NTSS collects data on ALL user & machinenetwork activities

NTSS

1. All TCP & UDP traffic IP packets between customer and Internet get forwarded to NTSS (by tapping a network switch or gateway link, no proxies or software agents on user PCs needed )

Internet Traffic

IPpackets

Decoder

2. IP packets are reengineered back to application level information units (web pages viewed, e-mails sent, documents transferred, images, video/audio, chat sessions etc ).

3. All reengineered and analysed information is fully indexed and stored in Clusterpoint Server database.

Entirely searchable

&

scalable

NTSS

database

  • 4. Easy to use WEB interface provides necessary tools, to:

    • get a quick situation overviews,

    • search through the collected data,

    • receive alerts on user defined criteria,

    • follow up on network user activities,

    • preview the reconstructed information.


Search internet style with simple keyword suggestions

Search Internet-style with Simple Keyword Suggestions


Detailed search results

Detailed Search Results


Complete information previews

Complete Information Previews


Email and attachment preview

Email and Attachment Preview


Clusterpoint network traffic surveillance system

Be In Control of the Unpredictable

Anti-virus software,

Port filters,

Proxies,

Firewalls,

Application firewalls,

Software Agents

... they all mostly deal with predictable, pre-defined, already known threats or anomalies.

Clusterpoint NTSS collects all network traffic data regardless of predefined assumptions, and therefore helps to pinpoint and discover unforeseen security threats.

In particular, providing sub-second full content search and database scalability for tens of gigabytes of traffic per day, it is an indispensable tool for quick tracking down suspected cyber-security incidents.

Why Clusterpoint NTSS

Use cases


Clusterpoint network traffic surveillance system

  • Control Acceptable Use Policy

  • Easily point out Acceptable Use Policy violations, either by manually locating the incidents, or setting up automated Alerts.

Why Clusterpoint NTSS

Use cases

Such discoveries directly help to improve online security policies


Clusterpoint network traffic surveillance system

  • “Insider” Trading and Information Theft Monitoring

  • Setup alerts to warn IT security when documents with specific contents are sent out to a specific or just any destination on the Internet.

Why Clusterpoint NTSS

Use cases

Receive alert when documents containing specific keyword(s) or metadata are sent to external e-mails or web-mail accounts.


Clusterpoint network traffic surveillance system

  • Deal with negative publicity from local sources

  • Monitor what local employees are posting in regards to your company on the public Internet resources.

Why Clusterpoint NTSS

Use cases

FaceBook Virgin Airlines Fiasco

“ ... firing ‘13 flight attendants for criticising the airline’s flight safety standards and describing its passengers as “chavs” on a social networking website’. “


Clusterpoint network traffic surveillance system

  • Discover long standing data security threats.

  • Some security breaches are not obvious in real-time, short term monitoring.

  • Having access to transaction data over several months can help to pinpoint planned long-term attacks.

Why Clusterpoint NTSS

Use cases

  • Monitor Internet and e-mail use and abuse.

  • Clusterpoint NTSS controls and reports data about real Internet and e-mail use and makes it easy to spot usage anomalies.


Clusterpoint network traffic surveillance system

Be in control in cases of unauthorized access to your network

Clusterpoint NTSS monitors actual traffic in and out of your network – so any network activities by unauthorized network users will be monitored and recorded for later investigation.

Why Clusterpoint NTSS

Use cases

  • Have a complete, reliable and searchable backup of all e-mail traffic from the company, including web-mails.

  • Clusterpoint NTSS stores and makes fully searchable all e-mail communications in and out of your company. Search in:- e-mail contents or metadata;- attached documents;

  • webmail.


Clusterpoint network traffic surveillance system

  • Seamless linear scalability

    • Clustering allows for seamless and linear system scalability to accomodate ever growing Internet traffic amounts.

Why Clusterpoint NTSS

What makes us unique

NTSS servers in the cluster:

Traffic information stored:

3 months

6 months

2 years

250 users

500 users

thousands of users


Clusterpoint network traffic surveillance system

  • Powerful traffic data capture platform

    • Clustering used in NTSS design allows to capture traffic from multiple interfaces into a single data base.

Why Clusterpoint NTSS

What makes us unique

Customer network

Clusterpoint NTSS

Internet


Clusterpoint network traffic surveillance system

  • Fully indexed data

    • All stored information is indexed an available for search.

Why Clusterpoint NTSS

What makes us unique

Totally indexed XML database

Perfect for unstructured data transmitted over Internet


Clusterpoint network traffic surveillance system

  • Lighning fast search responses even in very large sets of captured data

  • User friendly Internet-style full text search queries (ad hoc queries, no need to learn complex forms).

  • Response times are guaranteed to be below 5sec even in multi-terabyte databses, typical < 0,5 secs.

Why Clusterpoint NTSS

What makes us unique

Outperforming data storage solutions based on legacy SQL systems by a factor of > 100


Clusterpoint network traffic surveillance system

  • No proxies and client PC agent software necessary!!!

  • Operates in stealth-mode attached to network switch or as transparent gateway bridge for data capture (e.g., on the Internet link)

  • Captures all traffic, including from PDAs, smart-phones, IPADs, printers and other devices attached to corporate network or using corprate internal WiFi network.

Why Clusterpoint NTSS

What makes us unique

Security personnel can use it as a ‘black-box’ for automatic all network traffic recording and manage it directly without assistance of 3rd parties


Clusterpoint network traffic surveillance system

Integrate NTSS database XML records with your existing IT security applications

Upload digital key-pass entry control data or video monitoring data records for easy cross-link access

AUTHORIZED USERS

SECURITY

APPLICATION

SERVICES

Entirely searchable

&

scalable

NTSS

database

Clusterpoint

API

XML

Existing

databases

CLUSTERPOINT NTS

( MULTI-SERVER CLUSTER )

SECURITY AUDITING AND MONITORING DATA


Clusterpoint network traffic surveillance system

  • Make the complete archive of all your network trafficwith Clusterpoint NTSS

  • Make it meaningful by retrieving, storing and indexing application data into entirely indexed and instantly searchable database

  • Make it freely scalable database for a long-term storage (months, probably years)

  • Do it cost-effectively using inexpensive private cloud cluster database architecture: combined disk storage, RAM and CPU power of many networked commodity serversrunning Clusterpoint NTSS

  • Enjoy ultra-fast, user-friendly, Internet-style search providing relevant and fast answers

Summary

Quickly track down cyber-security incidents related network transactions and even “replay” them step-by-step like on a “time machine”, restore any past traffic for forensics and culprit evidence


Clusterpoint network traffic surveillance system

Contacts

Web: www.clusterpoint.com

Email: [email protected]

SkypeID:

clusterpoint

Thank You!

Ģirts Palejs

[email protected]


  • Login