Low-Cost, High-Performance, Portable Packet Forensics Appliance for Network Analysts and Cyber Security Investigators
CyberPro is the perfect tool for today’s Cyber-Hunters, IT/InfoSec specialists, and field network engineers, whose mission is to keep modern digital IP networks up and running – and fully protected. Grab this portable tool, arrive on-site, plug into the network without disrupting IT operations, and get productive fast!
Within a mobile, lightweight test appliance, CyberPro offers high-speed capture, indicators-of-compromise (IoC) alerting, and fully integrated analytics workflow. View long PCAP forensic timelines based on inline data compression. Find critical incidents for full-session analytics and reconstruction. CyberPro is ideal for network performance monitoring, cyber forensics, compliance enforcement, lawful intercept, and packet data analytics.
Real-Time Analytics Features
Open up to 10 simultaneous BPF-based “Active Triggers”. Adjust them dynamically.
Log Manager events, all with search, cross-correlation and extraction:
- File event logging, with file size and URL or SMTP reference
- User agents
- Active Triggers (BPF signature)
- 100 Snort rules (emerging-DNS, emerging-ftp, ...)
- System events
Log Manager search actions:
- All logs are time-correlated with PCAPs and IPFIX data
- Text string search of logs
- IPFIX record logging and search
- Choose your results for any search: PCAP, IPFIX, logs, etc.
- One-click searches auto-populate time period and search filter (BPF), based on context
CyberPro Open Data Access
Packet Capture Features
Continuous lossless packet capture, with configurations up to 15 Gbps, into a rolling FIFO Capture Store
Searchable data recorder for IPFIX netflow records and log files
Real-time indexing and alerting — with time stamping as low as 150 nanoseconds
Data compression in real time — Overall storage amplification up to 10x
Dedicated onboard Extraction Store retains all search query results, retrievable by user-defined name
Options for PCAP (or IPFIX) search results:
- View in Wireshark on the local display UI
- Remotely access from an external host via Web GUI or REST/API scripting
- Run the critical sessions over the Streaming Playback Interface to any 3rd party forensic analysis tool. Simply connect streaming playback output to the capture interface of your tool, just like a span/mirror port.
CyberPro Capture Process
Continuous lossless packet capture, with configurations up to 10 Gbps, into a rolling FIFO capture store. A separate extraction store retains PCAP file query results.
4-tuple indexing in real time — IP address source/destination, port source/destination — with time stamping as low as 150 nanoseconds
PCAP compression in real time — Overall storage amplification up to 20x (depending on the share of captured traffic that is SSL or video)
Search PCAP data from a convenient web GUI, using easy BPF+ descriptors, immediately streaming the results from capture store to persistent extraction store.
3 options for lossless packet capture: 1-3 Gbps, 5-10 Gbps, 7.5-15 Gbps
Stream initial search results of PCAP, IPFIX/netflow, and log files to any visualization tool, even while a critical search is still ongoing. No more waiting for endless query response times!
Use real-time, dynamic, user-defined Active Triggers and real-time analytics to rapidly direct critical PCAP data for post-processing, using any of multiple third-party open source DPI software packages, conveniently pre-installed and ready-to-use within CyberPro.
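The two mechanisms described above, 4-tuple indexing of the capture store and context-derived searches (an alert's addresses, ports and timestamp turned into a BPF filter plus a time window), illustrated with an added Python example. This is not CyberPro's code; the packet records, alert and 5-second window are constructed here for illustration.

```python
# Constructed sample capture-store records: (epoch seconds, src, sport, dst, dport)
PACKETS = [
    (1700000000.000, "10.0.0.5", 51234, "192.0.2.10", 53),
    (1700000000.250, "192.0.2.10", 53, "10.0.0.5", 51234),
    (1700000001.100, "10.0.0.7", 40001, "198.51.100.20", 443),
    (1700000002.000, "10.0.0.5", 51235, "192.0.2.10", 53),
    (1700000090.000, "10.0.0.5", 51236, "192.0.2.10", 53),
]

# Constructed alert, in the shape of a Snort / Active Trigger log entry
ALERT = {"ts": 1700000000.1, "src": "10.0.0.5", "sport": 51234,
         "dst": "192.0.2.10", "dport": 53}


def session_key(src, sport, dst, dport):
    # Direction-agnostic key so both halves of a session share one bucket
    return frozenset({(src, sport), (dst, dport)})


def build_index(packets):
    """4-tuple index: session key -> list of (timestamp, position in store)."""
    index = {}
    for pos, (ts, src, sport, dst, dport) in enumerate(packets):
        index.setdefault(session_key(src, sport, dst, dport), []).append((ts, pos))
    return index


def context_filter(alert, window=5.0):
    """Derive the BPF filter and time window a one-click search would use."""
    bpf = (f"host {alert['src']} and host {alert['dst']} and "
           f"port {alert['sport']} and port {alert['dport']}")
    return bpf, (alert["ts"] - window, alert["ts"] + window)


def extract(packets, index, alert, window=5.0):
    """Pull the alert's session from the capture store via the index."""
    key = session_key(alert["src"], alert["sport"], alert["dst"], alert["dport"])
    t0, t1 = alert["ts"] - window, alert["ts"] + window
    # Only the indexed bucket is scanned, not the whole store
    return [packets[pos] for ts, pos in index.get(key, []) if t0 <= ts <= t1]


if __name__ == "__main__":
    idx = build_index(PACKETS)
    print(context_filter(ALERT)[0])
    for pkt in extract(PACKETS, idx, ALERT):
        print(pkt)
```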
Extensive Logging Features
RFC anomaly logging, file download event logging, multi-protocol event / metadata logging. The Log Manager also allows for search, cross-correlation and extraction: HTTP, files, DNS, email, user agents, TLS/SSL.
Efficient Data Management
CyberPro’s built-in PCAP streaming means that no third-party software will “choke” on too much data throughput during PCAP post-processing.
CyberPro’s interactive dashboard drives your investigation workflow. You control capture operations, check the scrolling alert log, and quickly extract PCAP or IPFIX (netflow) data into Wireshark, or log/metadata findings into CSV or text. Streaming results are also remotely accessible, both from a host-based WebGUI over the REST interface, and even from a streaming output port into any 3rd party forensics tool.
Visualization is pre-installed and hard-wired into the CyberPro workflow, using open industry-standard data file formats: PCAP & IPFIX records open in Wireshark; log searches open as CSV files; reports as TXT/RTF files.