nextcomputing-cyberpro
- 1. Rev 1.1b—11/15Page 1 of 4 3 options for lossless packet capture: 1-3Gbps, 3-6Gbps, 10Gbps Simultaneous PCAP search Active Triggers: real-time, dynamic, user-defined RFC anomaly logging File download hash logging Multi-protocol event/ metadata logging Post-process PCAPs with multiple pre-installed DPI tools Unified web GUI to manage your PCAPs and your entire cyber investigation CyberPro is the perfect tool for today’s field technicians, IT/InfoSec specialists, and network engineers whose mission is to keep modern digital IP networks up and running – and fully protected. Grab this portable tool, arrive on-site, plug into the network without disrupting IT operations, and get productive fast! Within a mobile, lightweight test appliance, CyberPro offers high-speed packet capture, indicators of compromise event alerting, BPF filter event triggering, and a fully integrated analytics workflow with a collection of open source packet analysis software tools. View IoC logging over a long PCAP forensic timeline, and post-process PCAPS for packet analytics and visualization. CyberPro is ideal for network performance monitoring, cyber forensics, compliance enforcement, lawful intercept, and packet data analytics. CyberPro’s Web GUI and Post-Processing Features • Drive your investigation workflow from CyberPro’s PCAP web GUI. You control the capture operations, check a scrolling event log, and quickly route any PCAP data to your favorite third party packet analytics tools. • Single-click to extract PCAPs for any logged event. No waiting for critical PCAPs! CyberPro streams PCAP search query results in small chunks, so you immediately start processing PCAP extractions. • Use Active Triggers and real-time analytics to rapidly direct critical PCAP data for post-processing, using any of multiple third-party open source DPI software packages, conveniently pre-installed and ready-to-use within CyberPro. • CyberPro’s built-in PCAP streaming means that no third-party software will “choke” on too much data throughput during PCAP post-processing. CyberPro is exactly the cyber-tool you need to quickly uncover the malicious cyber- intruder or discover the root cause of critical network performance anomalies. Grab CyberPro, rush to the target site, and let CyberPro help you be the hero! Low-Cost, High-Performance, Portable Packet Forensics Appliance for Network Analysts and Cyber Security Investigators
- 2. Rev 1.1b—11/15Page 2 of 4 CYBERPRO CAPTURE PROCESS Packet Capture Features • Continuous lossless packet capture, with configurations up to 10 Gbps, into a rolling FIFO capture store. A separate extraction store retains PCAP file query results. • 4-tuple indexing in real time — IP address source/destination, port source/destination — with time stamping as low as 150 nanoseconds • PCAP compression in real time — Overall storage amplification up to 20x (depending on % of captured traffic that is SSL or video) • Search PCAP data from a convenient web GUI, using easy BPF+ descriptors, immediately streaming the results from capture store to persistent extraction store. CYBERPRO WORKFLOW CyberPro lets you jump quickly between PCAP actions and your tools-of-choice. Gain new insight from DPI analytics tools, and generate graphical incident reports. Then iterate new Active Trigger alerts and PCAP searches, to conclude your investigation quickly. Real-Time Analytics Features • Open up to 5 simultaneous “Active Triggers”, for targeting critical events using a BPF+ descriptor. Adjust them dynamically. • RFC anomaly logging, session and connection logging, and UID event correlation. • HTTP, FTP, GridFTP logging • File hash logging, for data exfiltration
- 3. Rev 1.1b—11/15Page 3 of 4 Log and metadata statistics SITUATIONAL AWARENESS TOOLS VIA OPEN PCAP Network performance activity CyberPro packet forensics and PCAP management Response coordination Geographic visualization Sankey network diagrams View PCAPs in WireShark
- 4. Rev 1.1b—11/15Page 4 of 4 CyberPro 1/3 CyberPro 3/6 CyberPro 10 Price USD $15,650 USD $21,050 USD $35,750 Packet Capture Interfaces 2x 1G RJ-45 copper SFP modules, and 2x 10G fiber SFP+ modules Time Stamping Resolution 150 nanoseconds Active Triggers 5 simultaneous Capture Store (continuous rolling FIFO) 2.5TB 6.5TB 4.5TB Extraction Store (PCAP query results) 1TB Use Case A - full packet analytics event logging Capture Rate, with Simultaneous Search/Extract 1Gbps 3Gbps 10Gbps Forensic Timeline Capacity: ~20:1 compression ratio (no SSL/media traffic) ~4.7 days (~50TB amplified storage) ~4.1 days (~130TB amplified storage) ~20 hours (~90TB amplified storage) ~7:1 compression ratio (<10% SSL/media traffic) ~1.7 days (~18TB amplified storage) ~1.5 days (~47TB amplified storage) ~7.5 hours (~33TB amplified storage) no compression (eg. 100% SSL/media traffic) 5.7 hours (2.5TB physical storage) 4.9 hours (6.5TB physical storage) 1.0 hours (4.5TB physical storage) Use Case B - with analytics event logging DISABLED Capture Rate, with Simultaneous Search/Extract 3Gbps 6Gbps 10Gbps Forensic Timeline Capacity: ~20:1 compression ratio (no SSL/media traffic) ~1.6 days (~50TB amplified storage) ~2.1 days (~130TB amplified storage) ~20 hours (~90TB amplified storage) ~7:1 compression ratio (<10% SSL/media traffic) ~14 hours (~18TB amplified storage) ~18 hours (~47TB amplified storage) ~7.5 hours (~33TB amplified storage) no compression (eg. 100% SSL/media traffic) 1.9 hours (2.5TB physical storage) 2.5 hours (6.5TB physical storage) 1.0 hours (4.5TB physical storage) Mgt. Port, for External REST/API and Web GUI RJ-45 LAN port Display Integrated 17.3” LED LCD (1920x1080) with scratch-resistant glass, for GUI and administration Physical 4.30” (109.22mm) D x 14.76” (374.9mm) H x 17.33” (440.18mm) W, ~15-18 lbs. (depending on configuration) Power 600W 110/220V, 50/60Hz auto-switching 80 PLUS rated power supply Carrying Case Soft case (included) Optional Equipment International Power Cord $10 — Part # CP-PWR-(Specify Country) Telescoping Handle Hard Case $895 — Part # CP-THC Large Attaché Style Hard Case $795 — Part # CP-AHC This document is for informational purposes only. Updates and changes can occur without notice. All logos, trademarks, and service marks are the property of their respective owners. Copyright © NextComputing all rights reserved. 4 Townsend West, Building 17, Nashua, NH 03063 Phone: 1 (603) 886-3874 • Fax: 1 (603) 886-1736 www.NextComputing.com • sales@Nextcomputing.com 14.76″ (374.9mm) 17.33″ (440.18mm) 4.30″ (109.22mm)