
THE ULTIMATE NETWORK FORENSICS PLATFORM


ThreatEye is a network forensics solution that guarantees line-rate packet capture from 1 to 100 gigabits per second, with lossless write to disk. It scales to retain petabytes of data and supports a range of storage options, with advanced indexing and search features. The solution provides an intuitive user interface and offers easy integration via RESTful APIs. ThreatEye is powered by Napatech’s industry-leading SmartNIC technology, providing 100% packet capture with nanosecond precision time stamping.


Use Cases

Experienced analysts agree that network forensics and analysis are only as good as the depth and fidelity of the packets recorded. With an easy-to-use RESTful API, ThreatEye is a cost-effective, bolt-on solution that enables you to harness the full potential of your application.


INCIDENT RESPONSE

In the aftermath of a security breach or cyberattack, ThreatEye delivers critical context around alerts generated by security applications such as:

  • Intrusion Detection Systems / Intrusion Prevention Systems (IDS/IPS)

  • Unified Threat Management (UTM)

  • Security Information and Event Management (SIEM)

  • Data Loss Prevention (DLP)

  • Advanced Persistent Threats (APT)

To reduce recovery time and costs, ThreatEye data makes it possible to retrospectively assess, contain, and ascertain the damage of an incident.

Threat Hunting

ThreatEye provides ground truth data used by security analysts to proactively track and target malicious activity before there is an incident. Network forensic evidence provides the proof necessary to show intent, expose correlations of unusual patterns and uncover attackers that potentially have been active for months. Investigations using a threat hunting approach improve the probability of finding advanced threats and shorten the “dwell time” between initial breach and detection.

Cyber defense

ThreatEye delivers data to applications that help governments see all data running through their networks. Recognizing malicious packets and suspicious patterns allows governments to take preemptive measures to stop criminals before or during an attack, safeguarding sensitive government information as well as the personal data of citizens.

CRITICAL INFRASTRUCTURE MONITORING

ThreatEye delivers data to applications that enable infrastructure network managers to optimize performance of power transmission, water distribution, transportation, healthcare, and other complex networks. The insight delivered helps sustain the reliable functioning of these vital networks and creates the visibility needed to protect them.

Fraud detection & compliance management

ThreatEye delivers data to applications that ensure compliance with regulations, protect trading information, and reduce the risk of confidential information leaks. This enables stock exchanges to provide a seamless, secure trading experience for their customers.

Financial latency measurement

ThreatEye delivers data to applications that make delays visible by capturing all transactions and measuring the exact time of each trading event up to the nanosecond. This enables financial institutions to guarantee optimal performance and transparency of their trading infrastructure.

FEATURES


100% Packet Capture

100% accurate, continuous packet capture with up to 40Gbps sustained write-to-disk. 1, 10, 40, and 100 Gbps line-rate connectivity options.


Adaptive Packet Capture

Reduce storage costs and improve forensic search speeds by retaining only important and useful traffic elements.


Federated Search

Accelerated search based on 5-tuple and Layer 2-4 protocols. Federated search across multiple ThreatEye appliances in a group.


Scalability

On-board and SAN storage options to scale to whatever record speed and retention volume required.


Software Application Support

Container hosting support for a wide range of commercial and open-source network security applications such as Suricata and Bro.


Web-Based GUI & Management

Centralized management through web-based GUI. RESTful API for easy integrations.

Adaptive Packet Capture

(Coming Soon!)

Select one or more optional packet capture modes to reduce storage costs and improve search speeds.

Connection cutoff

Leverage the heavy-tailed nature of network traffic by retaining only the first “N” packets (or kilobytes) of each network session.

Anonymizer

Maintain user privacy by slicing the packet payload and only retaining packet and protocol headers.

Encryption Bypass

Save storage and compute resources by discarding encrypted traffic sessions.

Reputation List

Utilize IP reputation lists to selectively trigger the recording of network sessions of questionable or malicious sites.
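The connection cutoff and anonymizer modes above, as an added example that is not ThreatEye's or Napatech's code: a small Python retention filter run over constructed packet records. The Packet fields, the direction-agnostic 5-tuple flow key and the per-session byte accounting are assumptions about how such a policy could be modelled, not a description of the product's implementation.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    headers: bytes  # Layer 2-4 headers as captured
    payload: bytes  # application data after the Layer 4 header

def flow_key(p: Packet) -> tuple:
    """Direction-agnostic 5-tuple so both halves of a session share one budget (assumption)."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)

class AdaptiveCapture:
    """Connection cutoff (first N packets / K bytes per session) plus optional
    anonymizer (payload sliced off, packet and protocol headers retained)."""
    def __init__(self, max_packets: Optional[int] = None,
                 max_bytes: Optional[int] = None, strip_payload: bool = False):
        self.max_packets, self.max_bytes = max_packets, max_bytes
        self.strip_payload = strip_payload
        self.seen: dict = {}  # flow key -> (packets seen, bytes seen)

    def process(self, p: Packet) -> Optional[bytes]:
        """Return the record to write to disk, or None when the packet is dropped."""
        key = flow_key(p)
        n, size = self.seen.get(key, (0, 0))
        # Connection cutoff: stop recording a session once it exceeds its packet or byte budget.
        if self.max_packets is not None and n >= self.max_packets:
            return None
        if self.max_bytes is not None and size >= self.max_bytes:
            return None
        self.seen[key] = (n + 1, size + len(p.headers) + len(p.payload))
        # Anonymizer: keep headers only so user data never reaches disk.
        return p.headers if self.strip_payload else p.headers + p.payload

    def run(self, packets) -> list:
        return [r for r in map(self.process, packets) if r is not None]

def sample_session(n: int = 10, reverse: bool = False) -> list:
    """Constructed sample: n packets of one TCP session, 54-byte headers + 100-byte payload."""
    a, b = ("10.0.0.5", 40000), ("10.0.0.9", 443)
    if reverse:
        a, b = b, a
    return [Packet("tcp", *a, *b, b"H" * 54, b"D" * 100) for _ in range(n)]
```

With `max_packets=3` the ten-packet sample session is cut to three records, and packets in the reverse direction are charged to the same session budget.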


Integrations


Discover the ThreatEye Splunk integration with 100% network visibility.

Discover the ThreatEye plug-in for Palo Alto firewalls with drill-down details of a specific security event.


Connections & Expansion


ThreatEye Portfolio

Capture to Disk Performance*: 1 Gbps | 10 Gbps | 20 Gbps | 40 Gbps
Software: v3.0 required
Capture port options: 1 Gbps: 2 x 10/100/1000 RJ45 capture ports; 10/20/40 Gbps: capture card required (choose one): 4-port dual-rate 1/10Gbps SFP/SFP+, or 2-port 40Gbps QSFP, or 2-port 100Gbps QSFP28
Base appliance: 1 Gbps: appliance included; 10/20/40 Gbps: required, Dell PowerEdge R730XD or equivalent
Form factor: 1 Gbps: 1 x 1U; 10/20/40 Gbps: 1 x 2U
Base storage: 1 Gbps: 4TB; 10/20/40 Gbps: 120TB
Storage expanders (min. requirement): 1 Gbps: N/A; 10 Gbps: N/A; 20 Gbps: 1 x 2U with 120TBytes; 40 Gbps: 3 x 2U with 120TBytes
Storage expanders (max. supported): 1 Gbps: N/A; 10/20/40 Gbps: 8 (total 1 PB)
Management interface: 1 Gbps: 1 × 10/100/1000 RJ45; 10/20/40 Gbps: 2 × 1G RJ45 + 2 × 1/10G SFP+
GUI: web based
Support: support and warranty included

*Sustained recording rate without packet loss

About ThreatEye

ThreatEye is based on Napatech’s Pandion Network Recorder, a product line renowned for ultrafast packet capture, indexing, and search capabilities. In the fall of 2018 Counterflow AI acquired and adopted Pandion as the basis of ThreatEye, a next-generation network forensics platform that seamlessly integrates full packet capture with a streaming machine learning and data visualization engine.