
SentryWire Next generation packet capture and network security.


The Cambridge Analytica scandal reduced Facebook’s market capitalization by $50bn in just 2 days. The Equifax data breach has already cost the company $87.5 million, with more breaches still being unearthed a year later, and the final bill for Home Depot’s breach is forecast to exceed $180m.

But data breaches don’t just happen occasionally and at massive scale. By 2020 60% of digital businesses are predicted to suffer major service failures because of the inability of IT security teams to manage digital risk. According to ITPRO the average cost of a data breach is $3.6 million.

The need is simple: businesses need greater network visibility at an unprecedented scale.

The problem is that network packet capture must be reinvented to enable it. Right now storage is too expensive, current capture rates and network searches are too slow, and packet capture cannot scale to the 100’s of petabytes that deliver the extended timelines businesses need. SentryWire is a next generation packet capture tool and network security platform that breaks the performance, scalability and expense barriers of existing frameworks.

But any solution must also keep pace with constantly changing cyber security dynamics, and with the gaps businesses will increasingly need to plug in the coming years.

More data, more danger.

Contents

The data landscape

The solution is SentryWire

What makes it different?

Use cases

The product range

Partner technologies

SentryCloud

Find out more

The data landscape

Data proliferation brings many new opportunities but also many downsides: more data breaches, more sophisticated cyber attacks and more network management challenges. The business impact has never been greater, just ask Facebook, Equifax or Uber.

5 big cyber security trends for 2018

1. A move to technologies that overcome security skills gaps, and avoid outsourced services.

2. A change in focus from protection and prevention to rapid detection, response and remediation.

3. An increase in adopting hi-tech real-time change auditing solutions and analytics to secure assets.

4. Harnessing the potential of AI to chase yesterday’s attacks and defend against AI-powered attacks.

5. Safeguarding business from the weak links in cyber security defense: the IoT and cloud.


The solution is SentryWire

How it works

Data is logged and indexed

100’s of PBs of data compressed

Up to 100Gbps recorded in high fidelity

Data continually analyzed

Real-time alerts

Constant availability

Management dashboard

5 big SentryWire benefits

1. Full packet capture

SentryWire captures the full packet. Why? Because metadata alone won’t produce a high-fidelity record of traffic, and without that record a business cannot see the full picture of a breach.

2. Powerful and fast search

Rapid detection and response is critical, but most searches are limited and slow. SentryWire searches petabytes of network traffic to detect attacks faster and accelerate recovery.

3. Fast capture speeds

Slow network packet capture makes it almost impossible for your business to store and manage data proliferation, and things will only get worse. SentryWire captures at the world’s fastest network speeds – up to 100Gbps.

4. Intrusion detection

IDS deployments are often hampered by limited coverage, high-level security information and predefined alert signatures. SentryWire enables complete detection: its information base is deep and it can baseline behaviors.

5. Visualization and analytics

Managing security skills gaps and limiting outsourced managed services are key. SentryWire doesn’t need IT security specialists: its dashboard can be used by many job roles and it can host a range of analytics snap-ins.

SentryWire detects intrusions, minimizes damage caused by breaches and enables packet level analysis of any incident, for as little as 20% of the cost of other systems.

It’s a unique capture and storage architecture. The Packet Capture Platform supports 1Mbps to 100Gbps capture rates, provides real-time filtering and allows weeks, months even years of network traffic to be recorded, retained and analyzed. A Hadoop-like architecture scales out computation and storage to provide the industry’s fastest search in packet stores of 100PBs. There’s also high-speed, high-fidelity packet recording with real-time analytics, visualization and BPF-syntax filters. And SentryWire’s NetFlow Analyzer provides real-time visibility into network bandwidth performance, traffic patterns, and user/application bandwidth utilization.

[Figure: timeline contrasting average business packet capture, which retains about 4 days of packets, with SentryWire full network visibility; the breach occurred at -146 days and is detected today.]

What makes SentryWire different

Unlogged activity detection

In conjunction with enterprise log correlation tools, quickly detect and sessionize network activity whose log entries may have been removed.

Data exfiltration detection

Log exfiltrated files with 5-Tuple indexing and hash details for comparing data, taking actions and retrieving sessionized PCAPs for forensics.

Phishing preparation detection

Detect and log all URIs traversing the network, from targeted phishing emails to web traffic, and alert when internal traffic accesses those URIs.

Malware infiltration detection

Detect, classify and extract objects (files, URLs, IP Addresses, etc) in real-time to inspect and take appropriate actions to enrich cyber investigations and generate alerts.

Indicators and signatures alerting

Multi-level signature and behavior event session search and logging, with visualization through DPI visualizer.

Forensic Traffic Analysis

Analyze captured data for suspicious traffic, alert security practitioners to what they have defined as suspicious user behavior, and sessionize that traffic in the UI.

Network access control analysis

Receive real-time alerts of unauthorized network connectivity through 5-Tuple indexing and logging.

User anomalous behavior

Identify employees using unapproved applications or violating policies, and provide situational awareness and alerts.

Behavior anomaly detection

Detect anomalies from normal network traffic behavior and correlate to a 5-Tuple index for root cause review.

Encryption visibility

Gain visibility into TLS / SSL encrypted sessions: log and extract the sessionized network traffic by timestamp, capture node and session information, recover the encrypted session as a PCAP and view it in any packet viewer. The capture holds the ciphertext as it crossed the wire; showing decrypted payload in a viewer still requires the session’s key material to be supplied to that viewer.
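Several of the points above (exfiltration logging, network access control alerts, anomaly root-cause review) rest on the same mechanism: a 5-tuple index that maps every packet to a conversation, and the ability to pull one conversation back out as a PCAP. The following is an added example written for this page, not SentryWire code and not a description of its internals. It constructs a small libpcap capture in memory (sample traffic, not a real capture), indexes every IPv4 TCP/UDP packet under a direction-agnostic 5-tuple key, answers a direction-aware search, and re-emits one conversation as a stand-alone pcap that any packet viewer can open. The function names and the sample addresses are this example’s own assumptions.

```python
"""5-tuple session index over a pcap. Added example for this page, not SentryWire code.
The capture is constructed inline (sample traffic, not real data) so the script runs offline."""
import socket
import struct
from collections import defaultdict

ETH_IPV4 = b"\x00" * 12 + b"\x08\x00"   # zero MACs, EtherType 0x0800 (IPv4)


def _ipv4(src, dst, proto, payload):
    # 20-byte IPv4 header, no options; checksum left zero (this example does not validate it)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload


def _tcp(sport, dport, data=b""):
    # minimal TCP header: data offset 5 (20 bytes), ACK flag, no options
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x10, 65535, 0, 0) + data


def _udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def build_sample_pcap():
    """Constructed capture: one HTTP conversation (both directions) plus one DNS query."""
    frames = [
        (1.000, _ipv4("10.0.0.5", "203.0.113.9", 6, _tcp(51000, 80, b"GET /login HTTP/1.1\r\n"))),
        (1.001, _ipv4("203.0.113.9", "10.0.0.5", 6, _tcp(80, 51000, b"HTTP/1.1 200 OK\r\n"))),
        (1.500, _ipv4("10.0.0.5", "10.0.0.53", 17, _udp(40000, 53, b"\x12\x34" + b"\x00" * 10))),
        (2.000, _ipv4("10.0.0.5", "203.0.113.9", 6, _tcp(51000, 80, b"GET /data HTTP/1.1\r\n"))),
    ]
    # libpcap global header: magic, version 2.4, tz 0, sigfigs 0, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in frames:
        frame = ETH_IPV4 + frame
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def session_key(src, dst, sport, dport, proto):
    """Direction-agnostic 5-tuple: both halves of a conversation map to the same key."""
    a, b = (src, sport), (dst, dport)
    return (proto,) + (a + b if a <= b else b + a)


def index_pcap(pcap):
    """One pass over the file. Returns {session_key: [(ts, offset, caplen, src, sport, dst, dport), ...]}.
    Offsets point at the pcap record header, so a session can be re-extracted without re-parsing."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled in this example")
    index = defaultdict(list)
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        f = pcap[off + 16: off + 16 + caplen]
        if f[12:14] == b"\x08\x00":                     # IPv4 only; other EtherTypes are skipped
            ihl, proto = (f[14] & 0x0F) * 4, f[23]
            src, dst = socket.inet_ntoa(f[26:30]), socket.inet_ntoa(f[30:34])
            if proto in (6, 17):                        # TCP or UDP: ports sit at the same offset
                sport, dport = struct.unpack_from("!HH", f, 14 + ihl)
                index[session_key(src, dst, sport, dport, proto)].append(
                    (sec + usec / 1e6, off, caplen, src, sport, dst, dport))
        off += 16 + caplen
    return dict(index)


def find_sessions(index, **want):
    """Sessions with at least one packet matching the given fields (src, sport, dst, dport, proto).
    Direction-aware: dst="203.0.113.9" matches packets sent to that host, not replies from it."""
    hits = []
    for key, pkts in index.items():
        if want.get("proto", key[0]) != key[0]:
            continue
        for _ts, _off, _len, src, sport, dst, dport in pkts:
            seen = {"src": src, "sport": sport, "dst": dst, "dport": dport}
            if all(want.get(k, v) == v for k, v in seen.items()):
                hits.append(key)
                break
    return hits


def extract_session(pcap, index, key):
    """Re-emit one conversation, in time order, as a stand-alone pcap for any packet viewer."""
    out = pcap[:24]
    for _ts, off, caplen, *_ in sorted(index[key]):
        out += pcap[off: off + 16 + caplen]
    return out


if __name__ == "__main__":
    cap = build_sample_pcap()
    idx = index_pcap(cap)
    for key in find_sessions(idx, src="10.0.0.5", dport=80):
        print(key, len(idx[key]), "packets,", len(extract_session(cap, idx, key)), "bytes")
```

The key normalizes the two endpoints so both directions of a conversation land in one bucket, while each indexed packet keeps its own source and destination, so a query such as "internal host to port 80 on an external address" matches only the direction asked for, which is what an access-control or exfiltration alert needs. A production index would persist the per-session record offsets rather than hold them in memory, but the lookup shape is the same.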

The answer’s simple: every element of packet capture has been challenged and rethought. SentryWire genuinely is next generation packet capture and network security.

SentryWire provides immense network throughput, limitless packet capture timelines, fast access to vast amounts of data, flexibility to use any analytics tools available and visibility into your enterprise. These defining characteristics are fueling many real-world use cases.

SentryWire use cases

Incident response and malware detection

Network troubleshooting

The extended timeline

On average it takes 146 days to detect a breach in your network. However, most companies only have the capability to store 4 days of packets. This leaves an average of 142 days of no visibility into what was happening on a network during and since the breach.

SentryWire provides full visibility into your network, so you’re not left in the dark as to how and when a breach has occurred.

Today’s packet capture solutions | SentryWire

Storage is too expensive. | Reduces cost of storing IP packets by as much as 80%.

Current capture rates too slow: < 4Gbps. | Supports world’s largest network speeds to 100Gbps.

Search is limited and incredibly slow. | Real-time indexing and immediate access: in seconds.

Cannot share data between and among other vendor tools, and limited filtering. | Industry standard PCAP data access service along with BPF and customizable filtering.

Not available in multiple form factors. | Same technology: laptops to enterprise environments.

Not scalable to 10s/1000s of PBs, or weeks, months and years of packets. | Scales from TBs to 100’s of PBs with storage, search and analytics that can store and access years of packets.

Limited integration capability. | Integrates with existing security tools, existing analytics software, and is open architecture.

Requires IT security skills. | Usable by multiple job roles.

$1m per petabyte | $100,000 per petabyte*

* Terms and conditions apply


SentryWire product range

SentryWire is a complete range of systems with everything you need. It scales from the very small to the very large and is easy to expand: there are no forklift upgrades or re-buys. Adding throughput and capacity is easy with the plug and play storage and capacity nodes. And SentryWire’s connectivity makes it easy to federate to hundreds of clusters. There’s almost limitless configuration and integration flexibility. You can even sort the SentryWire systems by lossless capture rates.

Model | Capture / storage node | Capture rate | Additional specifications and network connection | Storage capacity | Days of traffic

SentryWire 10 | One (1) 4.4”x4.56”x2.04” small form factor | Losslessly from 1 to 100Mbps | Built-in storage capacity and one RJ45 copper network connection | 3.9 TB | 10

SentryWire 50 | One (1) 1U | Losslessly at up to 100Mbps | Built-in storage capacity and 2 network connections | 54 TB | 10

SentryWire 100 | One (1) 2U | Losslessly at up to 250Mbps | Built-in storage capacity and 2 network connections | 216 TB | 10

SentryWire 130 | One (1) 2U | Losslessly at up to 500Mbps | Built-in storage capacity and 2 network connections | 552 TB | 10

SentryWire 150 | One (1) 2U | Losslessly at up to 1Gbps | Built-in storage capacity and 2 network connections | 665 TB | 10

SentryWire 150ES | One (1) 4U | Losslessly at up to 1Gbps | Built-in storage capacity and 2 network connections | 1.06 PB | 10

SentryWire 180 | One (1) 4U | Losslessly at up to 2Gbps | Built-in storage capacity and 2 network connections | 1.06 PB | 10

SentryWire 200 Quad-Lite | One (1) 2U | Losslessly at up to 4Gbps | Built-in storage capacity and 2 network connections | 665 TB | 10

SentryWire 200 Quad | One (1) 4U | Losslessly at up to 4Gbps | Built-in storage capacity and 4 network connections | 1.06 PB | 10

SentryWire 200 | One (1) 4U | Losslessly at up to 5Gbps | Built-in storage capacity and 2 network connections | 1.06 PB | 10

SentryWire 215 | One (1) 4U | Losslessly at up to 10Gbps | Built-in storage capacity and 2 network connections | 1.06 PB | 10

SentryWire 230 | One (1) 4U | Losslessly at up to 10Gbps | Built-in storage capacity and 4 network connections | 1.7 PB | 10

SentryWire 250 | One (1) 4U | Losslessly at up to 10Gbps | Built-in storage capacity and 2 network connections | 3.7 PB | 10

Sizing check: a fully utilized link writes rate/8 bytes per second, which is about 1.08 TB per day at 100Mbps and 10.8 TB per day at 1Gbps before compression. Validate the “days of traffic” figure against your own average link utilization and the compression actually achieved on your traffic mix.

Partner technologies

SentryWire partners with the leading security solution providers to extend the power of our packet capture platform.

This ecosystem of partner technologies includes governance, risk and compliance management platforms, intrusion detection systems, behavior based solutions, hardware and OS providers, and other security and industry solutions.

Discover SentryCloud

The benefits

1. Capture 100% of your internal cloud traffic.

2. Capture 100% of the traffic to and from the public cloud.

3. Seamlessly extend network and security policies into the public cloud.

Extra visibility

See your cloud traffic without the cloud provider policies that limit access and restrict visibility of your assets.

Network control

Seamlessly extend network and security policies into the public cloud.

Record 100% of traffic

Monitor and record all cloud traffic for review, investigation and regulatory compliance requirements.

Take back control

Understand exactly what is happening to your assets in the cloud at all times.


Find out more about SentryWire

Learn more about the SentryWire product range and how it’s helping many organizations, from government departments and agencies and national laboratories to Fortune 50 and Fortune 500 companies.

To discover more visit: aximglobal.com or email: [email protected]

Axim helps organizations turn customer experience into better business through strong CX governance. We focus on risk, efficiency, accountability and the sheer untapped possibility of CX technologies, data and analytics, people and digital marketing. It means operationalized CX, streamlined CX ecosystems and mobilized customers. To learn more visit www.aximglobal.com

© Axim Global and SentryWire 2018. All rights reserved.

aximglobal.com