IPCopper Management and Data Analytics Server

IPCopper’s management and data analytics server provides a central point for managing IPCopper packet capture appliances, as well as performing sophisticated analysis of the packet capture data. The server’s core functions include packet capture appliance management; data acquisition and aggregation; and search. Its searching capabilities encompass both simple, one-dimensional searches and multi-dimensional searches, including searches by IP and MAC address with differentiators for source versus destination references; port; date and time ranges; signature matches, either by packet or TCP/IP session; HTTP header fields (file name, host, user, agent, etc); protocol; and other parameters. Once a search has completed, the user can drill down through the data to examine individual packets and TCP/IP sessions or export a file of the PCAP data for analysis on external tools.

One server securely manages multiple packet capture appliances, regardless of whether they are installed on the local network or deployed at remote locations. Native storage may be increased with the connection of optional modular units, for possible storage of up to 480TB.

Integrated Network Monitoring

Combining IPCopper's analytics servers and packet capture appliances creates a data-centric ecosystem for integrated network monitoring with full capture, indexing, archiving, analysis and reports. The analytics functions of the server utilize the data from the packet capture appliances as pulled off the wire, and process the packets in full. Data-centric analytics of the complete network data yield the complete picture.

Data Acquisition & Analytics

The server may acquire data from units in the field via IP transport, or via a direct 10G fiberoptic connection for higher speed, either on demand or as a continuous data stream. At the time of acquisition, the data may be pre-screened for alert generation based on a number of rules, including signatures, IP address, MAC address and other parameters, as well as pre-indexed for faster analysis later.

For smaller installations, the server may combine its data management and analysis functions with packet capture, allowing it to perform as a standalone packet capture appliance while simultaneously indexing and parsing the data.

Redundancy: Depending on the value of the data, in many cases it is advisable to deploy a second server unit to duplicate the data acquired by the first, providing two redundant copies of the data. For forensic purposes, it is better to conduct analysis separately from storage, to protect the integrity of the original data.

Customization

IPCopper’s management and data analytics server is very versatile; it can be deployed on its own or in multiples to tackle larger projects by splitting data and/or tasks among several units. For example, in a custom three-unit cluster, one server could manage and communicate with the packet capture units in the field and aggregate, pre-index and store data, while passing the data on to a second unit for redundant storage. The first server would also pass the data on demand to a third server (or a third-party device) for analysis or further processing.

Custom Solutions for “Big Data”

Monitoring today’s high-speed networks necessitates handling large amounts of network traffic data. As networks continue to grow in speed and size, indexing the resulting big data becomes imperative. Some attempt to handle the big data of packet capture by converting the PCAP data into net flow, but this approach merely reduces the amount of data to a small subset by arbitrarily removing the payload.

In our approach, high capacity indexing servers do the heavy lifting of collating the packet capture data collected from multiple packet capture appliances. Based on the operator’s queries, the indexing servers can collate and present the data from different angles, be it source, destination, protocol or other, in order to identify trends and generate reports. These indexing servers can also slice the data into smaller data sets, bringing it to a level where manual review of the data is convenient and practical.

For more information on our management and data analytics servers, please contact us.

Report: Marketing Cybercrime to Infect America

Report