slide1
Download
Skip this Video
Download Presentation
Clusterpoint Network Traffic Surveillance System

Loading in 2 Seconds...

play fullscreen
1 / 23

Clusterpoint Network Traffic Surveillance System - PowerPoint PPT Presentation


  • 229 Views
  • Uploaded on

Clusterpoint Network Traffic Surveillance System … or how to enforce your network security policies June, 2011 Ģirts Palejs. London Subway Bombing, 2005. During the investigations into the London bombings in 2005: 90,000 hard drives and video tapes from CCTV systems were seized,

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Clusterpoint Network Traffic Surveillance System' - tivona


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Clusterpoint Network Traffic Surveillance System

… or how to enforce your network security policies

June, 2011

Ģirts Palejs

slide2

London Subway Bombing, 2005

  • During the investigations into the London bombings in 2005:
  • 90,000 hard drives and video tapes from CCTV systems were seized,
  • 100 computers,
  • 500,000 pages of photocopying,
  • 4000 exhibits, 70 telephones and 10,000 statements.
slide3

Fast, real-time & secure access to records of all online interactions (email, Web browsing, chats, file and document exchange, images, video/audio etc.) is needed for complete data forensics

slide4
Clusterpoint Network Traffic Surveillance System is an enterprise level corporate network traffic security solution
  • It serves as:
    • Network Traffic Recording and Reengineering Platform
    • Long-term Data Retention & Full Content Search Platform
    • Risk Monitoring, Alerting & Data Loss Investigation Platform
clusterpoint ntss collects data on all user machine network activities
Clusterpoint NTSS collects data on ALL user & machinenetwork activities

NTSS

1. All TCP & UDP traffic IP packets between customer and Internet get forwarded to NTSS (by tapping a network switch or gateway link, no proxies or software agents on user PCs needed )

Internet Traffic

IPpackets

Decoder

2. IP packets are reengineered back to application level information units (web pages viewed, e-mails sent, documents transferred, images, video/audio, chat sessions etc ).

3. All reengineered and analysed information is fully indexed and stored in Clusterpoint Server database.

Entirely searchable

&

scalable

NTSS

database

  • 4. Easy to use WEB interface provides necessary tools, to:
    • get a quick situation overviews,
    • search through the collected data,
    • receive alerts on user defined criteria,
    • follow up on network user activities,
    • preview the reconstructed information.
slide10

Be In Control of the Unpredictable

Anti-virus software,

Port filters,

Proxies,

Firewalls,

Application firewalls,

Software Agents

... they all mostly deal with predictable, pre-defined, already known threats or anomalies.

Clusterpoint NTSS collects all network traffic data regardless of predefined assumptions, and therefore helps to pinpoint and discover unforeseen security threats.

In particular, providing sub-second full content search and database scalability for tens of gigabytes of traffic per day, it is an indispensable tool for quick tracking down suspected cyber-security incidents.

Why Clusterpoint NTSS

Use cases

slide11

Control Acceptable Use Policy

  • Easily point out Acceptable Use Policy violations, either by manually locating the incidents, or setting up automated Alerts.

Why Clusterpoint NTSS

Use cases

Such discoveries directly help to improve online security policies

slide12

“Insider” Trading and Information Theft Monitoring

  • Setup alerts to warn IT security when documents with specific contents are sent out to a specific or just any destination on the Internet.

Why Clusterpoint NTSS

Use cases

Receive alert when documents containing specific keyword(s) or metadata are sent to external e-mails or web-mail accounts.

slide13

Deal with negative publicity from local sources

  • Monitor what local employees are posting in regards to your company on the public Internet resources.

Why Clusterpoint NTSS

Use cases

FaceBook Virgin Airlines Fiasco

“ ... firing ‘13 flight attendants for criticising the airline’s flight safety standards and describing its passengers as “chavs” on a social networking website’. “

slide14

Discover long standing data security threats.

  • Some security breaches are not obvious in real-time, short term monitoring.
  • Having access to transaction data over several months can help to pinpoint planned long-term attacks.

Why Clusterpoint NTSS

Use cases

  • Monitor Internet and e-mail use and abuse.
  • Clusterpoint NTSS controls and reports data about real Internet and e-mail use and makes it easy to spot usage anomalies.
slide15

Be in control in cases of unauthorized access to your network

Clusterpoint NTSS monitors actual traffic in and out of your network – so any network activities by unauthorized network users will be monitored and recorded for later investigation.

Why Clusterpoint NTSS

Use cases

  • Have a complete, reliable and searchable backup of all e-mail traffic from the company, including web-mails.
  • Clusterpoint NTSS stores and makes fully searchable all e-mail communications in and out of your company. Search in:- e-mail contents or metadata;- attached documents;
  • webmail.
slide16

Seamless linear scalability

      • Clustering allows for seamless and linear system scalability to accomodate ever growing Internet traffic amounts.

Why Clusterpoint NTSS

What makes us unique

NTSS servers in the cluster:

Traffic information stored:

3 months

6 months

2 years

250 users

500 users

thousands of users

slide17

Powerful traffic data capture platform

    • Clustering used in NTSS design allows to capture traffic from multiple interfaces into a single data base.

Why Clusterpoint NTSS

What makes us unique

Customer network

Clusterpoint NTSS

Internet

slide18

Fully indexed data

      • All stored information is indexed an available for search.

Why Clusterpoint NTSS

What makes us unique

Totally indexed XML database

Perfect for unstructured data transmitted over Internet

slide19

Lighning fast search responses even in very large sets of captured data

  • User friendly Internet-style full text search queries (ad hoc queries, no need to learn complex forms).
  • Response times are guaranteed to be below 5sec even in multi-terabyte databses, typical < 0,5 secs.

Why Clusterpoint NTSS

What makes us unique

Outperforming data storage solutions based on legacy SQL systems by a factor of > 100

slide20

No proxies and client PC agent software necessary!!!

  • Operates in stealth-mode attached to network switch or as transparent gateway bridge for data capture (e.g., on the Internet link)
  • Captures all traffic, including from PDAs, smart-phones, IPADs, printers and other devices attached to corporate network or using corprate internal WiFi network.

Why Clusterpoint NTSS

What makes us unique

Security personnel can use it as a ‘black-box’ for automatic all network traffic recording and manage it directly without assistance of 3rd parties

slide21

Integrate NTSS database XML records with your existing IT security applications

Upload digital key-pass entry control data or video monitoring data records for easy cross-link access

AUTHORIZED USERS

SECURITY

APPLICATION

SERVICES

Entirely searchable

&

scalable

NTSS

database

Clusterpoint

API

XML

Existing

databases

CLUSTERPOINT NTS

( MULTI-SERVER CLUSTER )

SECURITY AUDITING AND MONITORING DATA

slide22

Make the complete archive of all your network trafficwith Clusterpoint NTSS

  • Make it meaningful by retrieving, storing and indexing application data into entirely indexed and instantly searchable database
  • Make it freely scalable database for a long-term storage (months, probably years)
  • Do it cost-effectively using inexpensive private cloud cluster database architecture: combined disk storage, RAM and CPU power of many networked commodity serversrunning Clusterpoint NTSS
  • Enjoy ultra-fast, user-friendly, Internet-style search providing relevant and fast answers

Summary

Quickly track down cyber-security incidents related network transactions and even “replay” them step-by-step like on a “time machine”, restore any past traffic for forensics and culprit evidence

slide23

Contacts

Web: www.clusterpoint.com

Email: [email protected]

SkypeID:

clusterpoint

Thank You!

Ģirts Palejs

[email protected]

ad