Agata provides high-speed cyber solutions, including a full-featured forensics suite with metadata and tens of thousands of dynamic policy rules, Layer-7 intelligence, network analytics, filtered sessions and traffic recording.
Backed by 20 years of specialized research and development of traffic management and security solutions for top tier customers, Agata is able to provide best in class high-end technological products. Agata appliances allow enterprises to secure networks using state of the art cyber solutions. Agata DPI empowers the user to find, record, analyze and track security events and vulnerabilities including Zero-Day exploits.
The overview presentation includes a use case and a description of the different applications for Agata DPI.
2. Founded in 2008 by 2 R&D directors from Allot Communications
Extensive experience in networking, infrastructure, intelligence, data aggregation
Current customers include: government, enterprises and mobile operators
High-performance solutions for Network Intelligence (URL Filtering, Load Balancing and Network Analytics for Layer 7)
Security Solutions for Network Forensics
About Agata
3. Intellectual Property (IP) is not safe
Man in the middle attacks by criminals
Data theft
Financial theft
Espionage
Organization is legally liable
Risks and Threats From Cyber
Focus on malware signatures – won't find the infected machines
4. Real-time (and Back-in-time) analysis of data
Find threats by:
Analyzing unknown or suspicious files to uncover malicious behaviors
Using packet captures (PCAP) to record the unknown traffic
Utilizing behavioral botnet reports
Identify unknown mobile users, known exploits, remote users
Identify unknown geographical (and domain) sources of traffic
Analyze download history and content
20 Gbps continuous packet capture with nanosecond time stamping
Agata Forensics Solution
Record – Analyze – Track
5. Using Agata DPI Probe for 20Gbps traffic
High-speed Layer-7 analysis (metadata) and storage of data
Probe Network hierarchy: Passive tapping
Processing/collecting information based on tens of thousands of filters
Redirecting filtered traffic to external servers for advanced analysis
Using the following Agata capabilities:
Filter/Layer-7 classification engine
Traffic decapsulation (MPLS, PPPoE)
Up to 50,000 overlapping policy rules
Rules are defined by conditions and actions
Integration with advanced storage and analysis systems
Filtered sessions enriched with DPI results (App ID)
Agata Use Case:
Very Large Traffic Analysis at Asian Network (millions of users)
7. Agata’s Network Intelligence is based on an advanced dynamic DPI engine for high-speed networks, data aggregation (big data) and analysis tools.
Agata’s DPI-based probes support up to 20Gbps per blade.
The probes are based on Broadcom XLP Multicore processors or Cavium Octeon.
Dynamic DPI engine
9. Network analytics with session statistics and protocol/application metadata extraction.
The DPI engine identifies more than 1,000 applications and protocols (e.g. Skype, Facebook, YouTube, Emails, etc.) and detects non-standard/untrusted traffic and modification of traffic headers.
Provides full visibility and ability to find the relevant data with easy to use tools
Extensive on-demand/scheduled reports and graphs
Extraction of network, metadata, subscribers, devices information
Convert network traffic into content (Web pages, Emails & attachments, Instant Messages, VoIP)
Keyword searching using regex in collected and indexed data and content
Alerts and actions
A centralized dashboard view
Network Analytics
10. List of unknown encrypted sessions
List of email attachments that were sent during certain time window
Report on user’s traffic anomaly (e.g. access from Dev department to finance dep.)
Report of sessions to unknown external geo-location
Report on file sharing application usage: Dropbox, Skype, Google drive.
Report on remote control sessions: SSH, Telnet, RDP, Teamviewer
Content based reports – list of content containing specific regular expressions
Event report (identify event anomaly such as change in protocol headers)
Cyber Forensics Reports – examples
11. Collected Information
Network Data Examples
• Unique ID
• Timestamp
• Site
• Subscriber Name/ID
• Statistics
Session Duration
Bytes In/Out
Packets In/Out
Live Connections
• Networking
Source/Destination MAC addresses
Encapsulation
Protocol Type: IP/TCP/UDP
Source IP and Port
Destination IP and Port
Protocol /Application
Information from packet header/data
12. Statistics reports and graphs
Per-session statistics (Bytes/Packets and Connections) on the network traffic are collected constantly
An administrator can generate a large variety of on-demand/scheduled reports and graphs
The report generator interface allows drilling-down from all-network view to single session view
Metadata reports
Applications metadata is collected constantly
The system collects metadata on applications like WhatsApp, HTTP, VoIP, Emails, etc
The metadata can be exported via CSV files or an SQL-based DB interface.
Reports
13. Advanced Layer 4 and Layer 7 load balancing
The filters and classification engine supports up to 50,000 overlapping policy rules and the rules are defined by conditions and actions
The supported load balancing algorithms are:
Round robin
Weighted round robin
Least loaded port
Least connections per port
Layer 7 Load Balancer
14. An online content filter is needed to protect users (mobile and others) at risk
HTTP/HTTPS support
URL filtering by category
File type blocking
SSL Inspection
Application Control
P2P and IM blocking
Internet applications blocking
IP and Port blocking
Provides social media behaviour reports
URL Filtering