Cyclone Network Forensics Platform includes line-rate extraction of crucial application layer security metadata

February 26, 2014

7 Min Read

PRESS RELEASE

SAN FRANCISCO, Calif. – February 24, 2014 – Today at the RSA Conference 2014, nPulse Technologies announced the launch of its Cyclone Network Forensics Platform, designed to dramatically slash incident response times. Cyclone builds on nPulse's performance leadership in full packet capture by adding advanced, line-rate extraction of crucial application layer security metadata and a flexible big data security analytics framework to index, search, analyze, and visualize network traffic and expeditiously reconstruct cyber attack kill chains. Cyclone helps security professionals immediately pivot from overwhelming amounts of data and disparate security alerts to precise, actionable information on malicious activity. By automating a comprehensive cycle of steps ensuring that all network traffic is captured and inspected for forensics and incident response activities, Cyclone provides the traffic visibility necessary to defeat attacks and reduce mean time to resolution for advanced network threats.

The core components of nPulse's Cyclone Network Forensics Platform include:

Capture: Cyclone leverages nPulse's Capture Probe eXtreme (CPX) appliance to perform sustained, lossless full packet capture at core network speeds up to 20 Gbps. Through its patented multi-level index, CPX can search recorded traffic at 160 times its rate of capture – meaning that in less than one minute CPX can search and display traffic data that competing products can take up to a day to retrieve. CPX concurrently exports standard flow records in IPFIX format to nSpector, nPulse's management console.

Metadata Extraction: nPulse's new Security Probe eXtreme (SPX) appliance inspects network traffic at line rate and extracts OSI Layer 7 metadata about the traffic, such as application used, e-mail addresses, file types and DNS records. SPX seamlessly exports this data in standard IPFIX format to nSpector.

Big Data Security Analytics: nPulse's new management console, nSpector, completes the Cyclone Network Forensics Platform by indexing the metadata from SPX and CPX, enabling centralized search across the enterprise for traffic of interest, analysis of the traffic, and custom dashboards. Built to leverage the Open Stack private cloud platform, nSpector also supports third-party threat intelligence feeds, giving administrators the ability to analyze historical traffic using particular indicators of compromise that can help expose a cyber attack in progress and avert future attacks.

"Combating advanced cyber threats hidden in faster, more diverse network traffic demands near real-time forensic visibility and analysis at core network speeds – capabilities that incumbent technologies dating from the '1 gig world' simply do not offer," said nPulse CEO Tim Sullivan. "With the launch of nPulse's Cyclone Network Forensics Platform, customers defending today's fastest networks can gain near real-time insight into areas where seconds count – including which attack vectors are most often exploited against their organization or which of their network defenses are being bypassed by malware navigating the 'kill chain' between an attack's launch and a successful compromise."

RSA Conference attendees can receive a demonstration of the Cyclone Network Forensics Platform at nPulse's booth (#741 South Expo) or view an online video for more details.

By incorporating both full packet capture and Layer 7-enriched metadata for 10 Gbps networks, the Cyclone Network Forensics Platform continues nPulse's tradition of delivering disruptive technologies to customers at a cost that is disruptive to the competition. With Cyclone, customers will be able to use less data sources of higher value for better decision-making in incident response while at the same time driving down operations and maintenance costs. Layer 7-enriched metadata delivers 80% of the context that full packet capture delivers at 20% of the storage cost. Cyclone enables customers to make rational tradeoffs between full packet capture and metadata, thus returning basic risk management principles to the practice of cyber security.

"Over the past decade, attackers have moved deeper into the packet," Sullivan added. "As network defenses, controls, and detection techniques have improved, attackers have had to 'move up the OSI stack' to avoid detection and maintain persistence. Moving up the stack allows attackers to change where their malicious code communicates easily and at a moment's notice. This new paradigm requires Layer 7 data to detect intrusions and expeditiously reconstruct kill chains. As attackers move up the stack, we are moving with them. Layer 7-enriched meta-data coupled with our ability to provide full packet capture gives Cyclone users a solid foundation upon which to perform the network forensics necessary for detecting and responding to intrusions in a timely manner, while managing overall risk and averting future incidents."

About nPulse Technologies, Inc.

nPulse Technologies is the performance leader in network forensics. Leading financial institutions, government agencies, telecommunications carriers and other organizations rely on nPulse solutions to enhance security monitoring, shorten incident response times and increase returns on existing security investments. For network forensic analysts looking to significantly reduce incidence response time, nPulse solutions enable expeditious reconstruction of the kill chain. Unlike competitive solutions that are unable to operate at 10 Gbps sustained speeds and take hours to analyze network traffic, nPulse solutions are designed to perform at 10 Gbps, full duplex - capturing, inspecting, and exposing indications of compromise within minutes. For more information visit www.npulsetech.com

nPulse Technologies Adds Full Packet Capture Capabilities to the FireEye Security Platform

Pivot2Pcap Integration Gives FireEye Customers Ultrafast Packet Capture Capabilities and Interoperability with nPulse's Cyclone Network Forensics Platform Reducing Incident Response Times

SAN FRANCISCO, Calif. – February 24, 2014 – Today at the RSA Conference 2014, nPulse Technologies announced that it has integrated capabilities of its Capture Probe eXtreme (CPX) 4.0 full packet capture appliance with the FireEye Security Platform, through nPulse's Pivot2Pcap API partner program. By integrating nPulse's ultrafast packet capture capabilities with the FireEye platform, customers benefit from CPX's precise, high-speed full packet capture and analysis features that complement FireEye's real-time threat detection to deliver ultrafast traffic analysis and application visibility.

nPulse's Pivot2Pcap integration with FireEye adds additional compatibility with nPulse's Cyclone Network Forensics Platform, giving FireEye customers the option of leveraging their existing security investments within nPulse's forensics framework ensuring all network traffic is captured and inspected for forensics and incident response activities.

The combination of nPulse's unmatched packet capture capabilities with the FireEye Security Platform enables security teams to quickly pivot from security alerts and immediately view precise network packets and session-level data for a given event. By allowing users to easily locate and decode an entire session, nPulse provides detailed visibility into potential malicious activities and payloads; dramatically reducing the time spent searching for available packet data. Users can expand searches to view network activities before and after a security event, further enhancing visibility for incident response and forensics activities.

"FireEye is the leader in stopping today's advanced cyber attacks," said Steve Pataky, vice president of worldwide channels and alliances at FireEye. "The integration of nPulse's recording and analysis capabilities into the FireEye Security Platform will further enable our customers to enhance their security responsiveness and counter sophisticated cyber attacks and threats."

nPulse's Pivot2Pcap API will provide FireEye platform customers with deep insight into network traffic and activities through simple drill-down access to session, connection, and packet information for network speeds up to 20Gbps.

"Now security teams using nPulse's CPX appliances or Cyclone network forensics capabilities alongside the FireEye Security Platform can effectively mitigate malicious events by using our fine-grain visibility to pinpoint threats, prioritize response actions and harden security postures against future attacks," said Tim Sullivan, Chief Executive Officer, nPulse Technologies.

For more information on nPulse's Pivot2Pcap API and partners, please visit: http://www.npulsetech.com/npulse-partners/pivot2pcap-partners/.

About nPulse Technologies, Inc.

nPulse Technologies is the performance leader in network forensics. Leading financial institutions, government agencies, telecommunications carriers and other organizations rely on nPulse solutions to enhance security monitoring, shorten incident response times and increase returns on existing security investments. For network forensic analysts looking to significantly reduce incidence response time, nPulse solutions enable expeditious reconstruction of the kill chain. Unlike competitive solutions that are unable to operate at 10 Gbps sustained speeds and take hours to analyze network traffic, nPulse solutions are designed to perform at 10 Gbps, full duplex - capturing, inspecting, and exposing indications of compromise within minutes. For more information visit www.npulsetech.com

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights