Network Sensors

PacketAnalyst High Performance Network Sensors

Accelerated Servers offers the PacketAnalyst (tm) line of high performance, cost-efficient sensors which have been deployed in small and large networks covering hundreds of POPs since 2003. Our sensors are based on an open, standards-based Linux platform, and support multiple concurrent cybersecurity applications running at line rate. Porting your applications to them is easy because they run standard Linux (RedHat or Debian), use standard CPUs (x86), and have a standard PCAP interface. For additional capabilities, our sensors integrate well with Accelerated Servers-supplied central storage and analytics platforms.

How it Works

The PacketAnalyst platform manages data flow from one or more 10Gigabit full-duplex ports and allows multiple applications to run over some or all of the captured data in real time or in playback mode. The PacketAnalyst API is standard PCAP and DAQ. Any program that can be compiled or has a binary available for x86 and uses the PCAP or DAQ external libraries can be supported with a simple compile. Any Debian or RedHat package that uses PCAP or DAQ will work without additional integration. The PacketAnalyst platform also has optional included components you can use to support automated log compression, rotation, and upload to central analytics cluster(s); automated application startup, management, and monitoring; and traffic monitoring of captured and/or dropped data from every port and each application.

PacketAnalyst Products

PacketAnalyst
Flexible 2u platform supporting 10Gigabit full-duplex line-rate operation with a suite of typical flow, DPI, IDS, and discovery applications.
PacketAnalyst-Highcap
Flexible 2u platform supporting 20-30 Gigabit full-duplex line-rate operation with a suite of typical flow, DPI, IDS, and discovery applications.
PacketAnalyst-Lite
Flexible 1u platform supporting 10 Gigabit full-duplex line-rate operation with flow, DPI, and packet capture applications. Additional applications can be run on the PacketAnalyst-Lite but might impact line rate functionality of the lighter-weight applications.
PacketAnalyst-DS12
Flexible 4u platform supporting 10Gigabit full-duplex line-rate operation with 12 hours of line-rate data storage, supporting a suite of typical flow, DPI, IDS, and discovery applications.

PacketAnalyst Addons

DS12
12-hour Data Storage addon for 10Gigabit full-duplex line-rate. Standard sensors can support up to 2 DS12s.
Clustered Storage
For longer data storage and processing functionality, Accelerated Servers can provide custom multi-Petabyte storage clusters which seamlessly integrate with the PacketAnalyst OS to allow running analytics applications over multiple days or weeks of data.
Additional Ports
The PacketAnalyst, PacketSensor-Highcap, and PacketSensor-DS12 products can take up to 5 10Gigabit ports, supporting up to 30 Gigabits of aggregate throughput.

Applicable Application Missions

IDS/IPS
Runs Snort, Suricata, and other PCAP/DAQ-based IDS/IPS suites in both bypass and in-line modes.
Netflow/sFlow/IPFix Export
Supporting 100% accurate, un-sampled netflow, sFlow, or IPfix collectors.
Deep Packet Inspection
Runs DPI applications for lawful intercept, proprietary and confidential information protection, and other missions.
Cloud and Edge Data Processing
Edge sensors can be statelessly provisioned for scale (and run diskless), and support edge data processing natively or via on-sensor VMs.
Network and Application Performance Analysis
TCP Statistics, network and application transactional latency analysis.
Passive Device Fingerprinting
p0f and other OS/device fingerprinting applications discover hosts and identify them by OS.
Distributed Packet Capture
Real time distributed tcpdump functionality captures matching traffic samples in real time or across stored history across the entire network.
Billing, Accounting, and Usage Auditing
Netflow data supports tracking usage to the port or beyond to the customer/user level for billing or re-billing.
Identity Management Integration
Flow tagging using real-time feeds of user/identity to IP address usage mappings. Can be integrated with Identity Management and Tracking infrastructures.
Link Fault Discovery
Detecting sources of bad frames, unicast broadcast, and MAC/ARP spoofing.

Available Sensor Applications

  • Snort
  • Suricata
  • AMP
  • Yaf
  • p0f
  • tcpdump
  • Argus
  • Any x86 binary application using PCAP or DAQ
  • Any source-available application using PCAP or DAQ

Industry Applications

  • Cyber Security - Providing line-rate processing of multiple analytics applications
  • Service Providers - NetFlow for top talkers, billing, DDoS detection
  • Finance - Security as well as latency verification
  • OEM - Our platform supports any source-available application

PacketAnalyst Platform Features

    Line Rate Capture
    Line rate packet capture of multiple 10GIG interfaces per sensor.
    Open Platform
    The PacketAnalyst platform runs any application source or binary that can use PCAP or DAQ libraries on a standard x86 Linux platform.
    High Performance
    Standard suites of security and flow software can all run simultaneously at N x 10GIGe on one PacketAnalyst-HC sensor platform.
    Operational Autonomy
    Applications can be segregated into VMs for security isolation and distribution of administrative control.
    Data Retention and Analysis
    All PacketAnalyst sensors support optional local disk for data retention, and applications can be run over live or historic data.
    Flexible Hashing
    Unlimited number of data streams can be generated based on multiple MPLS and/or VLAN tags, full IPv6 support.
    Manageability
    SNMP visibility into each port and application instance accumulating all bytes and packets processed and dropped.
    Cloud and Edge Data Processing
    Edge sensors can be statelessly provisioned for scale (and run diskless), and support edge data processing natively or via on-sensor VMs.
    40 Gigabit Scalability
    With 2 PacketAnalyst-HCs cooperating to process a single 40GIG link.

    Netflow Analytics Cluster

    Accelerated Servers can also supply central processing infrastructure for flow and security application logs and output.

    An Accelerated Servers 125-POP Netflow Analytics cluster:

    Network Analytics