Skip this Video
Download Presentation
Clusterpoint Network Traffic Surveillance System

Loading in 2 Seconds...

play fullscreen
1 / 23

Clusterpoint Network Traffic Surveillance System - PowerPoint PPT Presentation

  • Uploaded on

Clusterpoint Network Traffic Surveillance System … or how to enforce your network security policies June, 2011 Ģirts Palejs. London Subway Bombing, 2005. During the investigations into the London bombings in 2005: 90,000 hard drives and video tapes from CCTV systems were seized,

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Clusterpoint Network Traffic Surveillance System' - tivona

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Clusterpoint Network Traffic Surveillance System

… or how to enforce your network security policies

June, 2011

Ģirts Palejs


London Subway Bombing, 2005

  • During the investigations into the London bombings in 2005:
  • 90,000 hard drives and video tapes from CCTV systems were seized,
  • 100 computers,
  • 500,000 pages of photocopying,
  • 4000 exhibits, 70 telephones and 10,000 statements.

Fast, real-time & secure access to records of all online interactions (email, Web browsing, chats, file and document exchange, images, video/audio etc.) is needed for complete data forensics

Clusterpoint Network Traffic Surveillance System is an enterprise level corporate network traffic security solution
  • It serves as:
    • Network Traffic Recording and Reengineering Platform
    • Long-term Data Retention & Full Content Search Platform
    • Risk Monitoring, Alerting & Data Loss Investigation Platform
clusterpoint ntss collects data on all user machine network activities
Clusterpoint NTSS collects data on ALL user & machinenetwork activities


1. All TCP & UDP traffic IP packets between customer and Internet get forwarded to NTSS (by tapping a network switch or gateway link, no proxies or software agents on user PCs needed )

Internet Traffic



2. IP packets are reengineered back to application level information units (web pages viewed, e-mails sent, documents transferred, images, video/audio, chat sessions etc ).

3. All reengineered and analysed information is fully indexed and stored in Clusterpoint Server database.

Entirely searchable





  • 4. Easy to use WEB interface provides necessary tools, to:
    • get a quick situation overviews,
    • search through the collected data,
    • receive alerts on user defined criteria,
    • follow up on network user activities,
    • preview the reconstructed information.

Be In Control of the Unpredictable

Anti-virus software,

Port filters,



Application firewalls,

Software Agents

... they all mostly deal with predictable, pre-defined, already known threats or anomalies.

Clusterpoint NTSS collects all network traffic data regardless of predefined assumptions, and therefore helps to pinpoint and discover unforeseen security threats.

In particular, providing sub-second full content search and database scalability for tens of gigabytes of traffic per day, it is an indispensable tool for quick tracking down suspected cyber-security incidents.

Why Clusterpoint NTSS

Use cases


Control Acceptable Use Policy

  • Easily point out Acceptable Use Policy violations, either by manually locating the incidents, or setting up automated Alerts.

Why Clusterpoint NTSS

Use cases

Such discoveries directly help to improve online security policies


“Insider” Trading and Information Theft Monitoring

  • Setup alerts to warn IT security when documents with specific contents are sent out to a specific or just any destination on the Internet.

Why Clusterpoint NTSS

Use cases

Receive alert when documents containing specific keyword(s) or metadata are sent to external e-mails or web-mail accounts.


Deal with negative publicity from local sources

  • Monitor what local employees are posting in regards to your company on the public Internet resources.

Why Clusterpoint NTSS

Use cases

FaceBook Virgin Airlines Fiasco

“ ... firing ‘13 flight attendants for criticising the airline’s flight safety standards and describing its passengers as “chavs” on a social networking website’. “


Discover long standing data security threats.

  • Some security breaches are not obvious in real-time, short term monitoring.
  • Having access to transaction data over several months can help to pinpoint planned long-term attacks.

Why Clusterpoint NTSS

Use cases

  • Monitor Internet and e-mail use and abuse.
  • Clusterpoint NTSS controls and reports data about real Internet and e-mail use and makes it easy to spot usage anomalies.

Be in control in cases of unauthorized access to your network

Clusterpoint NTSS monitors actual traffic in and out of your network – so any network activities by unauthorized network users will be monitored and recorded for later investigation.

Why Clusterpoint NTSS

Use cases

  • Have a complete, reliable and searchable backup of all e-mail traffic from the company, including web-mails.
  • Clusterpoint NTSS stores and makes fully searchable all e-mail communications in and out of your company. Search in:- e-mail contents or metadata;- attached documents;
  • webmail.

Seamless linear scalability

      • Clustering allows for seamless and linear system scalability to accomodate ever growing Internet traffic amounts.

Why Clusterpoint NTSS

What makes us unique

NTSS servers in the cluster:

Traffic information stored:

3 months

6 months

2 years

250 users

500 users

thousands of users


Powerful traffic data capture platform

    • Clustering used in NTSS design allows to capture traffic from multiple interfaces into a single data base.

Why Clusterpoint NTSS

What makes us unique

Customer network

Clusterpoint NTSS



Fully indexed data

      • All stored information is indexed an available for search.

Why Clusterpoint NTSS

What makes us unique

Totally indexed XML database

Perfect for unstructured data transmitted over Internet


Lighning fast search responses even in very large sets of captured data

  • User friendly Internet-style full text search queries (ad hoc queries, no need to learn complex forms).
  • Response times are guaranteed to be below 5sec even in multi-terabyte databses, typical < 0,5 secs.

Why Clusterpoint NTSS

What makes us unique

Outperforming data storage solutions based on legacy SQL systems by a factor of > 100


No proxies and client PC agent software necessary!!!

  • Operates in stealth-mode attached to network switch or as transparent gateway bridge for data capture (e.g., on the Internet link)
  • Captures all traffic, including from PDAs, smart-phones, IPADs, printers and other devices attached to corporate network or using corprate internal WiFi network.

Why Clusterpoint NTSS

What makes us unique

Security personnel can use it as a ‘black-box’ for automatic all network traffic recording and manage it directly without assistance of 3rd parties


Integrate NTSS database XML records with your existing IT security applications

Upload digital key-pass entry control data or video monitoring data records for easy cross-link access





Entirely searchable














Make the complete archive of all your network trafficwith Clusterpoint NTSS

  • Make it meaningful by retrieving, storing and indexing application data into entirely indexed and instantly searchable database
  • Make it freely scalable database for a long-term storage (months, probably years)
  • Do it cost-effectively using inexpensive private cloud cluster database architecture: combined disk storage, RAM and CPU power of many networked commodity serversrunning Clusterpoint NTSS
  • Enjoy ultra-fast, user-friendly, Internet-style search providing relevant and fast answers


Quickly track down cyber-security incidents related network transactions and even “replay” them step-by-step like on a “time machine”, restore any past traffic for forensics and culprit evidence




Email: [email protected]



Thank You!

Ģirts Palejs

[email protected]