Agata overview
Overview
PART I: Cyber & Our Solution
PART II: Technical Details
About Agata
• Founded in 2008 by 2 R&D directors from Allot Communications
• Extensive experience in networking, infrastructure, intelligence, data aggregation
• Current customers include: government, enterprises and mobile operators
• High-performance solutions for Network Intelligence (URL Filtering, Load Balancing and Network Analytics for Layer 7)
• Security Solutions for Network Forensics
Risks and Threats From Cyber
• Intellectual Property (IP) is not safe
• Man-in-the-middle attacks by criminals
• Data theft
• Financial theft
• Espionage
• Organization is legally liable
Focus on malware signatures – won't find the infected machines
Agata Forensics Solution
Record – Analyze – Track
• Real-time (and back-in-time) analysis of data
• Find threats by:
  - Analyzing unknown or suspicious files to uncover malicious behaviors
  - Using packet captures (PCAP) to record the unknown traffic
  - Utilizing behavioral botnet reports
• Identify unknown mobile users, known exploits, remote users
• Identify unknown geographical (and domain) sources of traffic
• Analyze download history and content
• 20 Gbps continuous packet capture with nanosecond time stamping
Agata Use Case: Very Large Traffic Analysis at an Asian Network (millions of users)
• Using Agata DPI Probe for 20 Gbps traffic
• High-speed Layer-7 analysis (metadata) and storage of data
• Probe network hierarchy: passive tapping
• Processing/collecting information based on tens of thousands of filters
• Redirecting filtered traffic to external servers for advanced analysis
• Using the following Agata capabilities:
  - Filter/Layer-7 classification engine
  - Traffic decapsulation (MPLS, PPPoE)
  - Up to 50,000 overlapping policy rules
  - Rules are defined by conditions and actions
  - Integration with advanced storage and analysis systems
  - Filtered sessions enriched with DPI results (App ID)
PART II: Agata Technical Details
• DPI Engine
• Data Collection
• Reports
• L7 Load Balancing
• URL Filtering
• Hardware Configurations
Dynamic DPI engine
• Agata’s Network Intelligence is based on an advanced dynamic DPI engine for high-speed networks, data aggregation (big data) and analysis tools.
• Agata’s DPI-based probes support up to 20 Gbps per blade.
• The probes are based on Broadcom XLP multicore processors or Cavium Octeon.
Topology
Network Analytics
• Network analytics with session statistics and protocol/application metadata extraction.
• The DPI engine identifies more than 1,000 applications and protocols (e.g. Skype, Facebook, YouTube, email, etc.) and detects non-standard/untrusted traffic and modified traffic headers.
• Provides full visibility and the ability to find the relevant data with easy-to-use tools
• Extensive on-demand/scheduled reports and graphs
• Extraction of network, metadata, subscriber and device information
• Conversion of network traffic into content (web pages, emails & attachments, instant messages, VoIP)
• Keyword searching using regex in collected and indexed data and content
• Alerts and actions
• A centralized dashboard view
Cyber Forensics Reports – examples
• List of unknown encrypted sessions
• List of email attachments that were sent during a certain time window
• Report on user traffic anomalies (e.g. access from the Dev department to the Finance department)
• Report of sessions to unknown external geo-locations
• Report on file-sharing application usage: Dropbox, Skype, Google Drive
• Report on remote-control sessions: SSH, Telnet, RDP, TeamViewer
• Content-based reports – list of content containing specific regular expressions
• Event report (identify event anomalies such as a change in protocol headers)
Collected Information
Network Data Examples
• Unique ID
• Timestamp
• Site
• Subscriber Name/ID
• Statistics
  - Session Duration
  - Bytes In/Out
  - Packets In/Out
  - Live Connections
• Networking
  - Source/Destination MAC addresses
  - Encapsulation
  - Protocol Type: IP/TCP/UDP
  - Source IP and Port
  - Destination IP and Port
  - Protocol/Application
  - Information from packet header/data
Reports
Statistics reports and graphs
Per-session statistics (bytes/packets and connections) on the network traffic are collected constantly.
An administrator can generate a large variety of on-demand and scheduled reports and graphs.
The report generator interface allows drilling down from the all-network view to a single-session view.
Metadata reports
Application metadata is collected constantly.
The system collects metadata on applications like WhatsApp, HTTP, VoIP, email, etc.
The metadata can be exported via CSV files or an SQL-based DB interface.
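The session fields listed under "Collected Information", several of the "Cyber Forensics Reports" (remote-control sessions, unknown external geo-locations, department-to-department anomalies, time-window queries, unknown encrypted sessions) and the CSV export mentioned above, shown together as an added Python example. This is not code from the Agata deck: the SessionRecord field names, the department-to-subnet plan, the known-country allowlist, the forbidden-flow policy and the sample records are all assumptions constructed for the example.

```python
"""Session-metadata reports over constructed records.

Added example, not code from the Agata deck. The SessionRecord fields follow
the "Collected Information" list; the department plan, country allowlist,
forbidden flows and sample records are assumptions made for the example.
"""
import csv
import io
from dataclasses import asdict, dataclass, fields
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class SessionRecord:
    unique_id: int
    timestamp: datetime        # session start time
    site: str
    subscriber: str            # subscriber name/ID
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str              # transport protocol: TCP or UDP
    application: str           # DPI App ID (SSH, RDP, SMTP, HTTPS, ...)
    dst_country: str           # assumed geo-IP enrichment; "" for internal destinations
    bytes_in: int
    bytes_out: int
    duration_s: float
    unknown_encrypted: bool = False  # encrypted flow the classifier could not attribute


# Assumed site addressing plan, used to map hosts to departments.
DEPARTMENTS = {
    ip_network("10.1.0.0/16"): "Dev",
    ip_network("10.2.0.0/16"): "Finance",
    ip_network("10.3.0.0/16"): "Sales",
}
REMOTE_CONTROL_APPS = {"SSH", "Telnet", "RDP", "TeamViewer"}
KNOWN_COUNTRIES = {"US", "DE", "IL"}        # assumed allowlist of expected destinations
FORBIDDEN_FLOWS = {("Dev", "Finance")}      # assumed policy: Dev hosts never reach Finance

# Constructed sample records (not captured traffic).
T0 = datetime(2014, 3, 10, 9, 0)
SAMPLE = [
    SessionRecord(1, T0 + timedelta(minutes=5), "HQ", "alice", "10.1.0.15", 51000,
                  "203.0.113.25", 25, "TCP", "SMTP", "US", 1200, 480000, 12.0),
    SessionRecord(2, T0 + timedelta(minutes=12), "HQ", "bob", "10.1.0.22", 51001,
                  "10.2.0.40", 3389, "TCP", "RDP", "", 2000000, 150000, 900.0),
    SessionRecord(3, T0 + timedelta(minutes=30), "HQ", "carol", "10.3.0.7", 51002,
                  "198.51.100.9", 443, "TCP", "HTTPS", "ZZ", 50000, 70000, 30.0),
    SessionRecord(4, T0 + timedelta(minutes=45), "Branch", "dave", "10.1.0.99", 51003,
                  "192.0.2.77", 22, "TCP", "SSH", "DE", 8000, 9000, 120.0),
    SessionRecord(5, T0 + timedelta(hours=2), "HQ", "erin", "10.3.0.8", 51004,
                  "198.51.100.10", 8443, "TCP", "Unknown", "US", 3000, 4000, 5.0,
                  unknown_encrypted=True),
]


def department_of(ip: str) -> str:
    """Return the department owning an address, or "external" for anything else."""
    addr = ip_address(ip)
    for net, dept in DEPARTMENTS.items():
        if addr in net:
            return dept
    return "external"


def remote_control_report(records):
    """IDs of sessions whose App ID is a remote-control protocol."""
    return [r.unique_id for r in records if r.application in REMOTE_CONTROL_APPS]


def unknown_geo_report(records, known=KNOWN_COUNTRIES):
    """IDs of sessions to external destinations outside the expected countries."""
    return [r.unique_id for r in records
            if department_of(r.dst_ip) == "external" and r.dst_country not in known]


def unknown_encrypted_report(records):
    """IDs of encrypted sessions the classifier could not attribute to an application."""
    return [r.unique_id for r in records if r.unknown_encrypted]


def window_report(records, start, end, application=None):
    """IDs of sessions starting in [start, end), optionally limited to one App ID."""
    return [r.unique_id for r in records
            if start <= r.timestamp < end
            and (application is None or r.application == application)]


def department_anomaly_report(records, forbidden=FORBIDDEN_FLOWS):
    """IDs of sessions crossing a department boundary the policy forbids."""
    return [r.unique_id for r in records
            if (department_of(r.src_ip), department_of(r.dst_ip)) in forbidden]


def to_csv(records) -> str:
    """Export records as CSV text with one column per SessionRecord field."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=[f.name for f in fields(SessionRecord)])
    writer.writeheader()
    for r in records:
        row = asdict(r)
        row["timestamp"] = r.timestamp.isoformat()
        writer.writerow(row)
    return buf.getvalue()
```

Each report is a plain filter over the same record list, which is what makes the drill-down from an all-network view to a single session cheap: the report picks the session IDs, and the full record (ports, byte counts, duration) is already there for the analyst to inspect.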
Layer 7 Load Balancer
• Advanced Layer 4 and Layer 7 load balancing
• The filter and classification engine supports up to 50,000 overlapping policy rules, and the rules are defined by conditions and actions
• The supported load balancing algorithms are:
  - Round robin
  - Weighted round robin
  - Least loaded port
  - Least connections per port
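The condition/action rule model and the four scheduling algorithms named above, as an added Python example that is not Agata code. The Rule and Backend fields, the first-match-by-priority semantics used to resolve overlapping rules, the smooth variant of weighted round robin, and the demo pools and sessions are assumptions made for the example.

```python
"""Condition/action routing rules plus the four scheduling algorithms on the
slide. Added example, not Agata code: the Rule and Backend fields, priority
ordering for overlapping rules and the smooth weighted round robin variant
are assumptions made for the example."""
from dataclasses import dataclass
from itertools import cycle
from typing import Callable


@dataclass
class Backend:
    name: str
    weight: int = 1
    active_connections: int = 0
    load_bps: float = 0.0     # measured port load; assumed to come from the probe's statistics
    current_weight: int = 0   # scheduler state for smooth weighted round robin


class Pool:
    """A set of backend ports with one method per load balancing algorithm."""

    def __init__(self, backends):
        self.backends = list(backends)
        self._rr = cycle(self.backends)

    def round_robin(self):
        return next(self._rr)

    def weighted_round_robin(self):
        # Smooth WRR: weights 3:1 yield A,A,B,A rather than A,A,A,B.
        total = sum(b.weight for b in self.backends)
        for b in self.backends:
            b.current_weight += b.weight
        chosen = max(self.backends, key=lambda b: b.current_weight)
        chosen.current_weight -= total
        return chosen

    def least_loaded_port(self):
        return min(self.backends, key=lambda b: b.load_bps)

    def least_connections(self):
        return min(self.backends, key=lambda b: b.active_connections)

    def pick(self, algorithm: str):
        return getattr(self, algorithm)()


@dataclass
class Rule:
    priority: int                        # lower number wins when rules overlap
    condition: Callable[[dict], bool]    # predicate over the session's L4/L7 attributes
    pool: str                            # action: which pool to send the session to
    algorithm: str                       # action: which Pool method picks the port


class Policy:
    def __init__(self, rules, pools):
        self.rules = sorted(rules, key=lambda r: r.priority)
        self.pools = pools

    def route(self, session: dict):
        """Return (pool name, backend name) for the first matching rule, or None."""
        for rule in self.rules:
            if rule.condition(session):
                return rule.pool, self.pools[rule.pool].pick(rule.algorithm).name
        return None


def build_demo_policy() -> Policy:
    """Constructed pools and rules; weights and connection counts are illustrative."""
    pools = {
        "web": Pool([Backend("web1", weight=3), Backend("web2", weight=1)]),
        "ssl": Pool([Backend("ssl1", active_connections=5),
                     Backend("ssl2", active_connections=2)]),
        "default": Pool([Backend("d1"), Backend("d2")]),
    }
    rules = [
        Rule(10, lambda s: s["application"] == "HTTPS", "ssl", "least_connections"),
        Rule(20, lambda s: s["dst_port"] == 80, "web", "weighted_round_robin"),
        Rule(100, lambda s: True, "default", "round_robin"),
    ]
    return Policy(rules, pools)


def demo():
    """Route a constructed sequence of DPI-classified sessions through the policy."""
    policy = build_demo_policy()
    sessions = [
        {"application": "HTTP", "dst_port": 80},
        {"application": "HTTP", "dst_port": 80},
        {"application": "HTTP", "dst_port": 80},
        {"application": "HTTP", "dst_port": 80},
        {"application": "HTTPS", "dst_port": 80},  # matches rules 10 and 20; priority 10 wins
        {"application": "DNS", "dst_port": 53},
        {"application": "DNS", "dst_port": 53},
    ]
    return [policy.route(s) for s in sessions]
```

The session dictionaries stand in for the App ID and header fields the DPI engine attaches to each flow; a rule's condition reads only those fields, so Layer 4 rules (port-based) and Layer 7 rules (application-based) can overlap freely and the priority decides which action applies.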
URL Filtering
• An online content filter is needed to protect users (mobile and others) at risk
• HTTP/HTTPS support
• URL filtering by category
• File type blocking
• SSL inspection
• Application control
• P2P and IM blocking
• Internet application blocking
• IP and port blocking
• Provides social media behaviour reports
Probe – Hardware Option 1
HP Server + Cavium Octeon PCIe card
Probe – Hardware Option 2
Broadcom XLP
Thank You
Udi Levin
C. +972.544.510670
M. udi.levin@agata-solutions.com
