NetWiz™ Cyber Solution
NetWiz™ is a comprehensive security monitoring system for the detection and investigation of insider cyber threats. It is the result of a joint venture between Celare and Oracle, providing seamless integration between the Celare T-Sense product, the Oracle Big Data Appliance and Big Data analytical tools. It is an open and unified platform for implementing cyber algorithms, applications and 3rd party products, providing an infrastructure, a framework and sophisticated tools that work together for rapid development and best performance. It integrates both commercial and open source products and can be extended easily through the system API and unified query language.
NetWiz™ is based on several subsystems and advanced predictive algorithms combined with deep knowledge of hacker methods. It consists of a few main components: Smart Collectors, Big Data Platform, Complex Event Processing Engine, Predictive Engine and Discovery tools.
NetWiz™ supports the full security cycle: Awareness, Enforcement, Detection, Investigation and Response. It delivers a unique combination of software and hardware that come together to store, organize, analyze and visualize the data and to provide advanced, future-proof detection of cyber threats and attacks, from a single malware sample to full-fledged APTs.
Smart Network Traffic Collection
Using the scalable, integrated, low-cost T-Sense collector, NetWiz™ is able to collect any network data stream (metadata and content) as well as external data sources such as wire data and machine data.
NetWiz™ is a network-based solution that collects, records and analyzes network traffic in real time across a wide range of traffic types, using T-Sense collectors located at the edges of the network perimeter in order to inspect all network traffic while being much closer to the endpoints. A T-Sense collector can be installed on network taps or in inline mode, depending on customer requirements and network configuration. Tap deployment is passive and cannot affect traffic, whereas inline deployment places the collector in the traffic path, so its failure behavior (fail-open or fail-closed) must be chosen deliberately. The collector is cost effective and can be deployed in a large-scale enterprise network.
Network Data Aggregation
The challenge - Collecting huge amounts of network traffic in different formats to allow more advanced analytics and integration with any common network tool:
Oracle NoSQL Database is a distributed key-value store that enables fast and scalable collection of network data from several T-Sense collectors and supports any type of data. It serves as the central database for all network data and external data sources.
The challenge - Analyzing network traffic in real time for the detection of insider threats:
Oracle Event Processing (OEP) is a powerful tool for high-speed analysis and enrichment of the network data stream. OEP filters, correlates and aggregates the network data to find suspicious events and complex attack patterns.
The challenge - Building a big data repository of historical network data in a flexible and scalable manner for distributed batch processing jobs: Cloudera's Distribution of Hadoop (CDH) is used for batch processing of large volumes of network data. Using Oracle BDA, which is based on CDH, boosts performance and simplifies the network analysis process while providing a best-of-breed solution for the big data environment.
The challenge - Ability to investigate the historical data for network behavior analysis and data enrichment: A graph database is used to analyze the historical data by dynamically reconstructing a network data model for link analysis, finding trends and abnormal activity. The graph data model includes rich visualization of all network elements, events and attributes for each node and link, and provides out-of-the-box algorithms over the visualized elements.
The challenge - Ability to integrate with security systems and 3rd party applications and products: An open and simple API allows flexible 3rd party integration and provides a development framework for enhanced analytics and new applications.
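To make the graph-based link analysis concrete, the following is an added example (not NetWiz code and not a graph-database API): it rebuilds a directed graph from constructed historical flow records using plain Python, then runs two of the checks described above, a fan-out outlier check (a host with far more distinct peers than the population baseline) and a bounded-depth path search between a workstation and an external address. Host names, addresses and byte counts are made up for illustration; the threshold of two standard deviations is an assumed tuning value.

```python
"""Link analysis over historical flow metadata (added example, not NetWiz code).

Builds a directed graph from constructed flow records and shows two checks a
graph model is used for on this page: fan-out anomaly detection and
multi-hop link analysis between a user's workstation and an external host.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of historical flow records: (src, dst, bytes_out).
# Every name and address below is made up; ws-eve is the planted anomaly.
FLOWS = [
    ("ws-alice", "fileserver", 120_000), ("ws-alice", "mail", 3_000),
    ("ws-bob", "fileserver", 80_000),    ("ws-bob", "mail", 2_500),
    ("ws-carol", "fileserver", 95_000),  ("ws-carol", "mail", 4_100),
    ("ws-dave", "fileserver", 60_000),   ("ws-dave", "mail", 1_900),
    ("ws-eve", "fileserver", 70_000),    ("ws-eve", "mail", 2_200),
    ("ws-eve", "db-01", 500), ("ws-eve", "db-02", 500),
    ("ws-eve", "db-03", 500), ("ws-eve", "db-04", 500),
    ("ws-eve", "jump-host", 9_000),
    ("jump-host", "203.0.113.10", 4_000_000),
]


def build_graph(flows):
    """Adjacency map src -> {dst: total bytes}; every node appears as a key."""
    graph = defaultdict(dict)
    for src, dst, nbytes in flows:
        graph[src][dst] = graph[src].get(dst, 0) + nbytes
        graph.setdefault(dst, {})
    return dict(graph)


def fan_out_outliers(graph, sigmas=2.0):
    """Nodes whose count of distinct peers exceeds mean + sigmas*stddev,
    computed over the nodes that initiate at least one connection.
    sigmas=2.0 is an assumed tuning value."""
    degrees = {n: len(peers) for n, peers in graph.items() if peers}
    if len(degrees) < 2:
        return []
    threshold = mean(degrees.values()) + sigmas * pstdev(degrees.values())
    return sorted(n for n, d in degrees.items() if d > threshold)


def paths_between(graph, start, goal, max_hops=3):
    """All simple paths from start to goal of at most max_hops edges (DFS).
    Bounding the depth keeps link analysis tractable on large graphs."""
    found = []

    def walk(node, path):
        if node == goal:
            found.append(list(path))
            return
        if len(path) - 1 >= max_hops:
            return
        for nxt in graph.get(node, {}):
            if nxt not in path:          # simple paths only, no cycles
                path.append(nxt)
                walk(nxt, path)
                path.pop()

    walk(start, [start])
    return found


if __name__ == "__main__":
    g = build_graph(FLOWS)
    print("fan-out outliers:", fan_out_outliers(g))
    for p in paths_between(g, "ws-eve", "203.0.113.10"):
        print("path to external host:", " -> ".join(p))
```

In a real deployment the adjacency map would be a query against the graph store rather than an in-memory dict, but the two questions (who talks to unusually many peers, and how does a user's traffic reach an external address) are the same ones the analyst asks of the visualized model.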
Cyber Analytics and Predictive Engine
Using the most advanced predictive algorithms, the system aims to identify new, unknown threats before they see the light of day. The predictive engine anticipates the ways hackers would try to evade security measures, even before they do, making their attacks not worthwhile and not cost-effective. This comprises multiple lines of defense. Oracle Event Processing (OEP) provides a real-time rule engine and a framework for defining rules and patterns over time to detect complex cyber-attacks. OEP filters, correlates and aggregates all incoming events from several sub-systems into a bigger composite event based on predefined cyber patterns.
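The sections on Oracle Event Processing above describe filtering, correlating and aggregating low-level events into a larger composite event over a time window. The block below is an added example of that style of rule, written in plain Python as a stand-in for a CEP engine rather than in OEP's own query language (it is not NetWiz or Oracle code). The rule it implements, a fan-out probe of internal hosts followed within a window by a bulk transfer to an external address, together with the window length, probe count and byte threshold, are assumed values chosen for illustration, and the event stream is constructed.

```python
"""Sliding-window correlation over a stream of flow events (added example;
a stand-in for the CEP rules described on this page, not NetWiz code).

Pattern: one source host contacts PROBE_MIN or more distinct internal
destinations and then, within WINDOW seconds, sends at least EXFIL_BYTES to an
address outside the RFC 1918 ranges. Matches are emitted as composite events.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

WINDOW = 300              # seconds of history kept per source (assumed value)
PROBE_MIN = 5             # distinct internal peers that count as a probe (assumed)
EXFIL_BYTES = 5_000_000   # outbound bytes that count as a bulk transfer (assumed)

# RFC 1918 ranges only; the documentation ranges used in the sample are external.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    ts: float        # epoch seconds
    src: str
    dst: str
    dport: int
    bytes_out: int


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


class ReconThenExfilRule:
    """Keeps a per-source deque of recent events and re-evaluates the pattern
    each time a new event arrives (event-at-a-time processing)."""

    def __init__(self, window=WINDOW, probe_min=PROBE_MIN, exfil_bytes=EXFIL_BYTES):
        self.window, self.probe_min, self.exfil_bytes = window, probe_min, exfil_bytes
        self.history = defaultdict(deque)   # src -> deque[Flow] in ts order
        self.alerted = set()                # (src, dst) pairs already reported

    def _expire(self, src, now):
        hist = self.history[src]
        while hist and now - hist[0].ts > self.window:
            hist.popleft()

    def process(self, flow):
        """Feed one event; return a composite alert dict or None."""
        self._expire(flow.src, flow.ts)
        self.history[flow.src].append(flow)
        if is_internal(flow.dst) or flow.bytes_out < self.exfil_bytes:
            return None                      # filter: not a bulk external transfer
        # Correlate: look back in the window for the probe phase by the same source.
        probed = {f.dst for f in self.history[flow.src]
                  if f.ts < flow.ts and is_internal(f.dst)}
        if len(probed) < self.probe_min:
            return None
        key = (flow.src, flow.dst)
        if key in self.alerted:              # de-duplicate repeated transfers
            return None
        self.alerted.add(key)
        # Aggregate: many small events become one composite event.
        return {"pattern": "recon_then_exfil", "src": flow.src,
                "external_dst": flow.dst, "probed_hosts": sorted(probed),
                "bytes_out": flow.bytes_out, "ts": flow.ts}


def run(rule, flows):
    """Replay a stream in timestamp order and collect composite events."""
    alerts = []
    for f in sorted(flows, key=lambda x: x.ts):
        a = rule.process(f)
        if a:
            alerts.append(a)
    return alerts


# Constructed sample stream; addresses and timings are made up.
T0 = 1_700_000_000
SAMPLE = [
    Flow(T0 + i * 2, "10.0.5.23", f"10.0.8.{i}", 445, 1_200) for i in range(1, 8)
] + [
    Flow(T0 + 60, "10.0.5.23", "198.51.100.7", 443, 8_000_000),   # matches
    Flow(T0 + 65, "10.0.5.41", "198.51.100.9", 443, 9_000_000),   # no probe phase
    Flow(T0 + 900, "10.0.5.23", "198.51.100.8", 443, 7_000_000),  # probe aged out
]

if __name__ == "__main__":
    for alert in run(ReconThenExfilRule(), SAMPLE):
        print(alert)
```

The expiry step is what makes the rule a window rather than a lifetime counter: the third transfer in the sample comes from the same host that probed earlier, but 900 seconds later, so the probe evidence has aged out and no composite event is raised.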
Session Reconstruction and Content Analysis
NetWiz™ collects and stores the network streams in a unique entity model that includes all the extracted metadata as hierarchical sessions together with the related PCAPs. This allows NetWiz™ to produce advanced metadata from the decoded protocol content and to analyze embedded information that may indicate surreptitious exfiltration of data or use of a prohibited protocol tunneled through a seemingly innocuous session.
Analyst Desktop and Information Discovery
The Oracle Information Discovery platform provides a rich visualization framework and pre-built analytical tools to help security teams get full visibility over the network and enables a 360-degree view of each network element such as user, device, IP, MAC, application and so on. Information Discovery includes a wide range of filters and queries, including geo-spatial capabilities, while providing interactive dynamic dashboards for a quick view of network metrics.
Geo map of threat origins
View network applications and statistics
Graph visualization of network connections
Visualization of suspicious user behavior and activity
Reduce Costs and Implement Faster
Oracle software is engineered to work together, which saves time and money in deployment. Oracle Engineered Systems connect hardware with the software to bring even greater speed and scalability to end-user solutions, meaning customers save significant amounts in license and support costs. By incorporating Cloudera's leading open source Hadoop distribution with existing structured data sources and high performance hardware, IT security professionals have the best resources available to monitor their environments for security and performance indicators. Simplified interfaces and powerful management tools such as Enterprise Manager 12c greatly reduce the maintenance burden on IT personnel and leave more time to focus on security and performance improvements in the infrastructure.
- Rich visualization and forensic tools.
- Covers the entire attack chain (trojans, backdoors, exploits, information gathering tools, privilege escalation tools, etc.); no matter where along the attack chain, or on which operating system, the reuse of such components takes place, it will be identified and stopped.
- Collecting network data at the network perimeter, close to the endpoints, enables better detection and forensics of insider threats, with full visibility of layer 2-7 traffic.
- Open architecture, built using the most advanced Oracle Big Data and Business Intelligence analytical tools, provides full flexibility for easy customization and reporting per customer requirements.
- A fully automatic and easily scalable solution; seamless integration ensures continuous threat detection.
- Open API for external systems and 3rd party applications.
- Scalable as needed to address the needs of small to large enterprises and organizations.
- Cost-effective T-Sense collectors enable flexible deployment throughout the enterprise network.