Analytics
2/26/2014
12:15 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

nPulse Technologies Launches Cyclone Network Forensics Platform For The 10 Gig World

Cyclone Network Forensics Platform includes line-rate extraction of crucial application layer security metadata

SAN FRANCISCO, Calif. – February 24, 2014 – Today at the RSA Conference 2014, nPulse Technologies announced the launch of its Cyclone Network Forensics Platform, designed to dramatically slash incident response times. Cyclone builds on nPulse's performance leadership in full packet capture by adding advanced, line-rate extraction of crucial application layer security metadata and a flexible big data security analytics framework to index, search, analyze, and visualize network traffic and expeditiously reconstruct cyber attack kill chains. Cyclone helps security professionals immediately pivot from overwhelming amounts of data and disparate security alerts to precise, actionable information on malicious activity. By automating a comprehensive cycle of steps ensuring that all network traffic is captured and inspected for forensics and incident response activities, Cyclone provides the traffic visibility necessary to defeat attacks and reduce mean time to resolution for advanced network threats.

The core components of nPulse's Cyclone Network Forensics Platform include:

Capture: Cyclone leverages nPulse's Capture Probe eXtreme (CPX) appliance to perform sustained, lossless full packet capture at core network speeds up to 20 Gbps. Through its patented multi-level index, CPX can search recorded traffic at 160 times its rate of capture – meaning that in less than one minute CPX can search and display traffic data that competing products can take up to a day to retrieve. CPX concurrently exports standard flow records in IPFIX format to nSpector, nPulse's management console.

Metadata Extraction: nPulse's new Security Probe eXtreme (SPX) appliance inspects network traffic at line rate and extracts OSI Layer 7 metadata about the traffic, such as application used, e-mail addresses, file types and DNS records. SPX seamlessly exports this data in standard IPFIX format to nSpector.

Big Data Security Analytics: nPulse's new management console, nSpector, completes the Cyclone Network Forensics Platform by indexing the metadata from SPX and CPX, enabling centralized search across the enterprise for traffic of interest, analysis of the traffic, and custom dashboards. Built to leverage the Open Stack private cloud platform, nSpector also supports third-party threat intelligence feeds, giving administrators the ability to analyze historical traffic using particular indicators of compromise that can help expose a cyber attack in progress and avert future attacks.

"Combating advanced cyber threats hidden in faster, more diverse network traffic demands near real-time forensic visibility and analysis at core network speeds – capabilities that incumbent technologies dating from the '1 gig world' simply do not offer," said nPulse CEO Tim Sullivan. "With the launch of nPulse's Cyclone Network Forensics Platform, customers defending today's fastest networks can gain near real-time insight into areas where seconds count – including which attack vectors are most often exploited against their organization or which of their network defenses are being bypassed by malware navigating the 'kill chain' between an attack's launch and a successful compromise."

RSA Conference attendees can receive a demonstration of the Cyclone Network Forensics Platform at nPulse's booth (#741 South Expo) or view an online video for more details.

By incorporating both full packet capture and Layer 7-enriched metadata for 10 Gbps networks, the Cyclone Network Forensics Platform continues nPulse's tradition of delivering disruptive technologies to customers at a cost that is disruptive to the competition. With Cyclone, customers will be able to use less data sources of higher value for better decision-making in incident response while at the same time driving down operations and maintenance costs. Layer 7-enriched metadata delivers 80% of the context that full packet capture delivers at 20% of the storage cost. Cyclone enables customers to make rational tradeoffs between full packet capture and metadata, thus returning basic risk management principles to the practice of cyber security.

"Over the past decade, attackers have moved deeper into the packet," Sullivan added. "As network defenses, controls, and detection techniques have improved, attackers have had to 'move up the OSI stack' to avoid detection and maintain persistence. Moving up the stack allows attackers to change where their malicious code communicates easily and at a moment's notice. This new paradigm requires Layer 7 data to detect intrusions and expeditiously reconstruct kill chains. As attackers move up the stack, we are moving with them. Layer 7-enriched meta-data coupled with our ability to provide full packet capture gives Cyclone users a solid foundation upon which to perform the network forensics necessary for detecting and responding to intrusions in a timely manner, while managing overall risk and averting future incidents."

About nPulse Technologies, Inc.

nPulse Technologies is the performance leader in network forensics. Leading financial institutions, government agencies, telecommunications carriers and other organizations rely on nPulse solutions to enhance security monitoring, shorten incident response times and increase returns on existing security investments. For network forensic analysts looking to significantly reduce incidence response time, nPulse solutions enable expeditious reconstruction of the kill chain. Unlike competitive solutions that are unable to operate at 10 Gbps sustained speeds and take hours to analyze network traffic, nPulse solutions are designed to perform at 10 Gbps, full duplex - capturing, inspecting, and exposing indications of compromise within minutes. For more information visit www.npulsetech.com

nPulse Technologies Adds Full Packet Capture Capabilities to the FireEye Security Platform

Pivot2Pcap Integration Gives FireEye Customers Ultrafast Packet Capture Capabilities and Interoperability with nPulse's Cyclone Network Forensics Platform Reducing Incident Response Times

SAN FRANCISCO, Calif. – February 24, 2014 – Today at the RSA Conference 2014, nPulse Technologies announced that it has integrated capabilities of its Capture Probe eXtreme (CPX) 4.0 full packet capture appliance with the FireEye Security Platform, through nPulse's Pivot2Pcap API partner program. By integrating nPulse's ultrafast packet capture capabilities with the FireEye platform, customers benefit from CPX's precise, high-speed full packet capture and analysis features that complement FireEye's real-time threat detection to deliver ultrafast traffic analysis and application visibility.

nPulse's Pivot2Pcap integration with FireEye adds additional compatibility with nPulse's Cyclone Network Forensics Platform, giving FireEye customers the option of leveraging their existing security investments within nPulse's forensics framework ensuring all network traffic is captured and inspected for forensics and incident response activities.

The combination of nPulse's unmatched packet capture capabilities with the FireEye Security Platform enables security teams to quickly pivot from security alerts and immediately view precise network packets and session-level data for a given event. By allowing users to easily locate and decode an entire session, nPulse provides detailed visibility into potential malicious activities and payloads; dramatically reducing the time spent searching for available packet data. Users can expand searches to view network activities before and after a security event, further enhancing visibility for incident response and forensics activities.

"FireEye is the leader in stopping today's advanced cyber attacks," said Steve Pataky, vice president of worldwide channels and alliances at FireEye. "The integration of nPulse's recording and analysis capabilities into the FireEye Security Platform will further enable our customers to enhance their security responsiveness and counter sophisticated cyber attacks and threats."

nPulse's Pivot2Pcap API will provide FireEye platform customers with deep insight into network traffic and activities through simple drill-down access to session, connection, and packet information for network speeds up to 20Gbps.

"Now security teams using nPulse's CPX appliances or Cyclone network forensics capabilities alongside the FireEye Security Platform can effectively mitigate malicious events by using our fine-grain visibility to pinpoint threats, prioritize response actions and harden security postures against future attacks," said Tim Sullivan, Chief Executive Officer, nPulse Technologies.

For more information on nPulse's Pivot2Pcap API and partners, please visit: http://www.npulsetech.com/npulse-partners/pivot2pcap-partners/.

About nPulse Technologies, Inc.

nPulse Technologies is the performance leader in network forensics. Leading financial institutions, government agencies, telecommunications carriers and other organizations rely on nPulse solutions to enhance security monitoring, shorten incident response times and increase returns on existing security investments. For network forensic analysts looking to significantly reduce incidence response time, nPulse solutions enable expeditious reconstruction of the kill chain. Unlike competitive solutions that are unable to operate at 10 Gbps sustained speeds and take hours to analyze network traffic, nPulse solutions are designed to perform at 10 Gbps, full duplex - capturing, inspecting, and exposing indications of compromise within minutes. For more information visit www.npulsetech.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7407
Published: 2014-10-22
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2014-3675
Published: 2014-10-22
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.

CVE-2014-3676
Published: 2014-10-22
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."

CVE-2014-3677
Published: 2014-10-22
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

CVE-2014-3828
Published: 2014-10-22
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.