Organizations have to be 100% secure at 100% of the potential access points 100% of the time, whereas unauthorized users only need to penetrate one time in one location to steal a large amount of valuable data.
The lack of network visibility and awareness complicates the ability to detect and prevent abnormal activity and cyber-attacks. To better defend and protect organization assets from advanced targeted attacks, organizations need to have full visibility provided by new methods of security analytics. This should be implemented as holistic solution which is capable of collecting, organizing and analyzing the data in scalable open platform which enables fast and simple integration to existing applications and products.
T-Sense
Innovative Adaptive Monitoring Sensor
Celare T-Sense combines a variety of cutting edge Real-time and Big Data technologies and uses non-intrusive approach to get better visibility over the network and anticipate where and how attacks will appear.
T-Sense addresses the need for overall network perimeter protection, from infrastructure to application level, providing to the security and IT teams a clear visibility of what is happening in their network, investigate its behavior and identifying network threats using anomaly detection, machine learning and predictive analytics.
Continuous Monitoring of Networks
Continuous network monitoring is a crucial task to identify abnormal activity in real time and to avoid from unauthorized entities to penetrate to your network, collect information and plan the next cyber-attack which can seriously harm your organization.
Using scalable software-based smart sensor, T-Sense is able to collect, extract, analyze and replicate any stream of data while supporting thousands of protocols and applications across diverse operating systems, applications and services.
T-Sense is agnostic to any software and hardware and provides high performance for huge amount of data using unique multicore processing. It supports full packet-processing cycle and combines capabilities such as innovative packet classification, detection, filtering, decoding and data shipment methods.
Our vision is to be distributed inside the enterprise using sophisticated sensors and network algorithms to monitor and detect suspicious events in real-time at the network level while using big data analytics to identify and investigate new attackers methods and abnormal network behavior.
Pre-Processing and Data Preparation
T-Sense manipulates the stream data in order to prepare the data for analysis and replication. This functionality supports decrypt of messages using SSL proxy mechanism, aggregate data, transform it and canonize it to a unified data format which then can be used by other post processing units. At the network level T-Sense supports protocol decapsulation, IP defragmentation and packet reordering which is a key for better detection results. T-Sense also supports reliable and secure data shipping and using filtering, masking, anonymization and encryption methods to enable secure replication to 3rd party system and cloud environments.
In-Stream Classification Engine
The classification engine provides high accurate detection of protocols, applications, services and extracts metadata in real-time, and provides full visibility for layer 3 to 7. The detect applications can be grouped into service types such as Video, P2P, VOIP, Messaging and so on to as a preliminary stage for filter data traffic and decision making by using rule-engine and post-processing units.
Metadata Extraction
T-Sense extract protocol and application based metadata from IP traffic. The extraction of the metadata is done in real time, providing valuable information and insights about user\device behavior and application usage. The extracted metadata provides detailed information about the network transactions, configuration and behavior, security and policy enforcement, volumes of data for entities such as user, application, device and services and much more. This information helps to produce intelligent traffic decisions, creating new pattern matching rules for filtering and identifying inside threats.
Multicore Regex Engine
T-Sense includes multicore software-based pattern matching engine that is capable of executing large sets of regular expressions against packets or any stream of data. It can be used before or after the classification stage in order to filter the data stream based on signature or predefined criteria.
Adaptive Real-time Rule Engine
T-Sense includes adaptive rule engine that can execute and match complex rules and patterns on large amount of data streams at high speed. Match results can be found in a single packet or for cases where the threats might be spread across multiple packets. New rules and patterns can be adopted as analysis outcome which was produced by the post processing units based on historical data. The Rule engine can filter the data quickly based on multi-channel decision: classification engine, regex engine, rules and patterns and others while replicate the in-memory filtered stream to external systems.
Multi-Level Data Processing
T-Sense can correlates network data, machine data, wire data, web intelligence and other data sources for multi-level stream data processing. This gives the ability to extend the packet processing stage while providing a wide range of contextual view for analyzing the data efficiently.
Advanced Analytics
T-Sense implements post processing units which analyzing the collected data for further examination and investigation purpose. It uses cutting edge big data technologies and innovative approach to be able to analyze the data efficiently with simple and intuitive tools. It includes NoSQL and Graph DB technologies to be able build a dynamic schema-less data model from any incoming data source as well as decoding content functionality in order to extract more valuable data for further analysis. Advanced analytics enables deep analysis on all data for finding unknown relationships pattern and learn the system regular methods.
Reduce Costs and Implement Faster
T-Sense provides a fully automatic and easily scalable data extraction, filtering, monitoring and shipment solution which can be used for a wide array of applications and services such as security and monitoring systems, SIEM products, IDS\IPS, performance monitoring, intelligence systems, policy and enforcement management, cloud computing, customer experience and many more. T-Sense is agnostic to any operating system and can be integrated easily to a wide range of existing applications while supporting a reliable and secured data movement. It based on open architecture which provides full flexibility to enable easy customization and management as per customer requirements.