COMPLETE PACKET CAPTURE SYSTEM FOR CYBER ANALYSTS
CyberNUC is the perfect system for today’s Cyber Analysts, Cyber-Hunters, and any other cybersecurity professional who needs to take all the functionality of a complete packet capture system into the field with them. CyberNUC offers you all the features of NextComputing’s exclusive Packet Continuum packet capture architecture at your fingertips. Lightweight and small, you will not be burdened with heavy equipment to gain all the benefits of packet capture analysis. Add a CyberNUC to your arsenal to keep modern digital IP networks up and running – and fully protected. Arrive on-site, plug CyberNUC into the network, without disrupting IT operations, and get productive fast!
Federated, CyberNUC can be used at multiple sites from a central hub for monitoring offsite, as well as providing the ability for SOC teams to update security policies remotely.
Based on our Packet Continuum packet capture workflow, the CyberNUC offers high-speed capture, indicators-of-compromise (IoC) alerting, and fully integrated analytics workflow. View long PCAP forensic timelines based on inline data compression. Find critical incidents for full-session analytics and reconstruction. CyberNUC is ideal for network performance monitoring, cyber forensics, compliance enforcement, lawful intercept, and packet data analytics.
Up to 500 Mbps via 1G RJ-45 copper capture interface
Small Form Factor
Complete packet capture feature set in the palm of your hand. Connect with your laptop or run standalone. Fits in a laptop bag.
Use real-time, dynamic, user-defined Active Triggers and real-time analytics to rapidly direct critical PCAP data for post-processing, using any of multiple third-party open source DPI software packages, conveniently pre-installed and ready-to-use within CyberNUC.
Extensive Logging Features
RFC anomaly logging, file download event logging, multi-protocol event / metadata logging. The Log Manager also allows for search, cross-correlation and extraction: HTTP, files, DNS, email, user agents, TLS/SSL.
Efficient Data Management
CyberNUC’s built-in PCAP streaming means that no third-party software will “choke” on too much data throughput during PCAP post-processing.
CyberNUC’s interactive dashboard drives your investigation workflow. You control capture operations, check the scrolling alert log, and quickly extract PCAP or IPFIX (netflow) data into Wireshark, or log/metadata findings results into CSV or text. Streaming results are also remotely accessible, both from a host-based WebGUI over the REST interface, and even from a streaming output port into any 3rd party forensics tool.
Visualization is pre-installed and hard-wired into the CyberNUC workflow, using open industry-standard data file formats: PCAP & IPFIX records open in WireShark; log searches open as CSV files; reports as TXT/RTF files.
Cyber NUC Workflow
Real-Time Analytics Features
Open simultaneous BPF-based “Active Triggers”. Adjust them dynamically.
Log Manager events, all with search, cross-correlation and extraction:
- File event logging, with file size and URL or SMTP reference
- User agents
- Active Triggers (BPF signature)
- 1000 Snort rules (emerging-DNS, emerging-ftp
- System events
Log Manager search actions:
- All logs are time-correlated with PCAPs and IPFIX data
- Text string search of logs
- IPFIX record logging and search
- Choose your results for any search: PCAP, IPFIX, logs, etc.
- One-click searches auto-populate time period and search filter (BPF), based on context
Cyber NUC Federation Manager
Federation Manager software allows multiple authorized users to access and manage up to 100 CyberNUC appliances in the field.
- Federated Log Manager lets you see all real-time data via a single, unified Wed-based User Interface!
- Find critical event data from all appliances with a single query!
- Remote packet viewer gives Wireshark-like access to any full session content for an alert!
- Download PCAP files for central analysis with centralized tools!
- Upload identical rulesets of IDS Alerts (or new Threat-IP Lists) to ALL appliances – simultaneously!
Cyber NUC Capture Process
Continuous lossless packet capture into a rolling FIFO capture store. A separate extraction store retains PCAP file query results.
4-tuple indexing in real time — IP address source/destination, port source/destination — with time stamping as low as 150 nanoseconds
PCAP compression in real time — Overall storage amplification up to 20x (depending on % of captured traffic that is SSL or video)
Search PCAP data from a convenient web GUI, using easy BPF+ descriptors, immediately streaming the results from capture store to persistent extraction store.