2/26/2014
12:15 PM
Dark Reading
Products and Releases

nPulse Technologies Launches Cyclone Network Forensics Platform For The 10 Gig World

Cyclone Network Forensics Platform includes line-rate extraction of crucial application layer security metadata

SAN FRANCISCO, Calif. – February 24, 2014 – Today at the RSA Conference 2014, nPulse Technologies announced the launch of its Cyclone Network Forensics Platform, designed to dramatically slash incident response times. Cyclone builds on nPulse's performance leadership in full packet capture by adding advanced, line-rate extraction of crucial application layer security metadata and a flexible big data security analytics framework to index, search, analyze, and visualize network traffic and expeditiously reconstruct cyber attack kill chains. Cyclone helps security professionals immediately pivot from overwhelming amounts of data and disparate security alerts to precise, actionable information on malicious activity. By automating a comprehensive cycle of steps ensuring that all network traffic is captured and inspected for forensics and incident response activities, Cyclone provides the traffic visibility necessary to defeat attacks and reduce mean time to resolution for advanced network threats.

The core components of nPulse's Cyclone Network Forensics Platform include:

Capture: Cyclone leverages nPulse's Capture Probe eXtreme (CPX) appliance to perform sustained, lossless full packet capture at core network speeds up to 20 Gbps. Through its patented multi-level index, CPX can search recorded traffic at 160 times its rate of capture – meaning that in less than one minute CPX can search and display traffic data that competing products can take up to a day to retrieve. CPX concurrently exports standard flow records in IPFIX format to nSpector, nPulse's management console.

Metadata Extraction: nPulse's new Security Probe eXtreme (SPX) appliance inspects network traffic at line rate and extracts OSI Layer 7 metadata about the traffic, such as application used, e-mail addresses, file types and DNS records. SPX seamlessly exports this data in standard IPFIX format to nSpector.

Big Data Security Analytics: nPulse's new management console, nSpector, completes the Cyclone Network Forensics Platform by indexing the metadata from SPX and CPX, enabling centralized search across the enterprise for traffic of interest, analysis of the traffic, and custom dashboards. Built to leverage the OpenStack private cloud platform, nSpector also supports third-party threat intelligence feeds, giving administrators the ability to analyze historical traffic using particular indicators of compromise that can help expose a cyber attack in progress and avert future attacks.

"Combating advanced cyber threats hidden in faster, more diverse network traffic demands near real-time forensic visibility and analysis at core network speeds – capabilities that incumbent technologies dating from the '1 gig world' simply do not offer," said nPulse CEO Tim Sullivan. "With the launch of nPulse's Cyclone Network Forensics Platform, customers defending today's fastest networks can gain near real-time insight into areas where seconds count – including which attack vectors are most often exploited against their organization or which of their network defenses are being bypassed by malware navigating the 'kill chain' between an attack's launch and a successful compromise."

RSA Conference attendees can receive a demonstration of the Cyclone Network Forensics Platform at nPulse's booth (#741 South Expo) or view an online video for more details.

By incorporating both full packet capture and Layer 7-enriched metadata for 10 Gbps networks, the Cyclone Network Forensics Platform continues nPulse's tradition of delivering disruptive technologies to customers at a cost that is disruptive to the competition. With Cyclone, customers will be able to use fewer data sources of higher value for better decision-making in incident response while at the same time driving down operations and maintenance costs. Layer 7-enriched metadata delivers 80% of the context that full packet capture delivers at 20% of the storage cost. Cyclone enables customers to make rational tradeoffs between full packet capture and metadata, thus returning basic risk management principles to the practice of cyber security.

"Over the past decade, attackers have moved deeper into the packet," Sullivan added. "As network defenses, controls, and detection techniques have improved, attackers have had to 'move up the OSI stack' to avoid detection and maintain persistence. Moving up the stack allows attackers to change where their malicious code communicates easily and at a moment's notice. This new paradigm requires Layer 7 data to detect intrusions and expeditiously reconstruct kill chains. As attackers move up the stack, we are moving with them. Layer 7-enriched meta-data coupled with our ability to provide full packet capture gives Cyclone users a solid foundation upon which to perform the network forensics necessary for detecting and responding to intrusions in a timely manner, while managing overall risk and averting future incidents."

About nPulse Technologies, Inc.

nPulse Technologies is the performance leader in network forensics. Leading financial institutions, government agencies, telecommunications carriers and other organizations rely on nPulse solutions to enhance security monitoring, shorten incident response times and increase returns on existing security investments. For network forensic analysts looking to significantly reduce incident response time, nPulse solutions enable expeditious reconstruction of the kill chain. Unlike competitive solutions that are unable to operate at 10 Gbps sustained speeds and take hours to analyze network traffic, nPulse solutions are designed to perform at 10 Gbps, full duplex, capturing, inspecting, and exposing indications of compromise within minutes. For more information visit www.npulsetech.com.

nPulse Technologies Adds Full Packet Capture Capabilities to the FireEye Security Platform

Pivot2Pcap Integration Gives FireEye Customers Ultrafast Packet Capture Capabilities and Interoperability with nPulse's Cyclone Network Forensics Platform Reducing Incident Response Times

SAN FRANCISCO, Calif. – February 24, 2014 – Today at the RSA Conference 2014, nPulse Technologies announced that it has integrated capabilities of its Capture Probe eXtreme (CPX) 4.0 full packet capture appliance with the FireEye Security Platform, through nPulse's Pivot2Pcap API partner program. By integrating nPulse's ultrafast packet capture capabilities with the FireEye platform, customers benefit from CPX's precise, high-speed full packet capture and analysis features that complement FireEye's real-time threat detection to deliver ultrafast traffic analysis and application visibility.

nPulse's Pivot2Pcap integration with FireEye adds additional compatibility with nPulse's Cyclone Network Forensics Platform, giving FireEye customers the option of leveraging their existing security investments within nPulse's forensics framework ensuring all network traffic is captured and inspected for forensics and incident response activities.

The combination of nPulse's unmatched packet capture capabilities with the FireEye Security Platform enables security teams to quickly pivot from security alerts and immediately view precise network packets and session-level data for a given event. By allowing users to easily locate and decode an entire session, nPulse provides detailed visibility into potential malicious activities and payloads, dramatically reducing the time spent searching for available packet data. Users can expand searches to view network activities before and after a security event, further enhancing visibility for incident response and forensics activities.

"FireEye is the leader in stopping today's advanced cyber attacks," said Steve Pataky, vice president of worldwide channels and alliances at FireEye. "The integration of nPulse's recording and analysis capabilities into the FireEye Security Platform will further enable our customers to enhance their security responsiveness and counter sophisticated cyber attacks and threats."

nPulse's Pivot2Pcap API will provide FireEye platform customers with deep insight into network traffic and activities through simple drill-down access to session, connection, and packet information for network speeds up to 20Gbps.

"Now security teams using nPulse's CPX appliances or Cyclone network forensics capabilities alongside the FireEye Security Platform can effectively mitigate malicious events by using our fine-grain visibility to pinpoint threats, prioritize response actions and harden security postures against future attacks," said Tim Sullivan, Chief Executive Officer, nPulse Technologies.

For more information on nPulse's Pivot2Pcap API and partners, please visit: http://www.npulsetech.com/npulse-partners/pivot2pcap-partners/.

