cybernuc

COMPLETE PACKET CAPTURE SYSTEM FOR CYBER ANALYSTS

CYBERNUC IS AVAILABLE ONLINE NOW!

CyberNUC is the perfect system for today’s Cyber Analysts, Cyber-Hunters, and any other cybersecurity professional who needs to take all the functionality of a complete packet capture system into the field with them. CyberNUC offers you all the features of NextComputing’s exclusive Packet Continuum packet capture architecture at your fingertips. Lightweight and small, you will not be burdened with heavy equipment to gain all the benefits of packet capture analysis. Add a CyberNUC to your arsenal to keep modern digital IP networks up and running – and fully protected. Arrive on-site, plug CyberNUC into the network, without disrupting IT operations, and get productive fast!

In a federated deployment, CyberNUC can be used at multiple sites and monitored offsite from a central hub, and SOC teams can update security policies remotely.

Based on our Packet Continuum packet capture workflow, the CyberNUC offers high-speed capture, indicators-of-compromise (IoC) alerting, and fully integrated analytics workflow. View long PCAP forensic timelines based on inline data compression. Find critical incidents for full-session analytics and reconstruction. CyberNUC is ideal for network performance monitoring, cyber forensics, compliance enforcement, lawful intercept, and packet data analytics.


Key Features

  • Lossless Capture

    Up to 500 Mbps via 1G RJ-45 copper capture interface

  • Small Form Factor

    Complete packet capture feature set in the palm of your hand. Connect with your laptop or run standalone. Fits in a laptop bag.

  • Active Triggers

    Use real-time, dynamic, user-defined Active Triggers and real-time analytics to rapidly direct critical PCAP data for post-processing, using any of multiple third-party open source DPI software packages, conveniently pre-installed and ready-to-use within CyberNUC.

  • Extensive Logging Features

    RFC anomaly logging, file download event logging, multi-protocol event / metadata logging. The Log Manager also allows for search, cross-correlation and extraction: HTTP, files, DNS, email, user agents, TLS/SSL.

  • Efficient Data Management

    CyberNUC’s built-in PCAP streaming means that no third-party software will “choke” on too much data throughput during PCAP post-processing.

  • Unified GUI

    CyberNUC’s interactive dashboard drives your investigation workflow. You control capture operations, check the scrolling alert log, and quickly extract PCAP or IPFIX (netflow) data into Wireshark, or export log/metadata findings to CSV or text. Streaming results are also remotely accessible, both from a host-based WebGUI over the REST interface and from a streaming output port into any third-party forensics tool.

  • Visualization

    Visualization is pre-installed and hard-wired into the CyberNUC workflow, using open industry-standard data file formats: PCAP & IPFIX records open in Wireshark; log searches open as CSV files; reports as TXT/RTF files.

CyberNUC Workflow


CyberNUC lets you jump quickly between PCAP actions and your tools-of-choice. Gain new insight from DPI analytics tools, and generate graphical incident reports. Then iterate new Active Trigger alerts and PCAP searches, to conclude your investigation quickly.

Real-Time Analytics Features

Open simultaneous BPF-based “Active Triggers”. Adjust them dynamically.

Log Manager events, all with search, cross-correlation and extraction:

  • HTTP
  • File event logging, with file size and URL or SMTP reference
  • DNS
  • Email
  • User agents
  • TLS/SSL
  • Active Triggers (BPF signature)
  • 1000 Snort rules (emerging-DNS, emerging-ftp
  • System events

Log Manager search actions:

  • All logs are time-correlated with PCAPs and IPFIX data
  • Text string search of logs
  • IPFIX record logging and search
  • Choose your results for any search: PCAP, IPFIX, logs, etc.
  • One-click searches auto-populate time period and search filter (BPF), based on context

CyberNUC Capture Process


Continuous lossless packet capture into a rolling FIFO capture store. A separate extraction store retains PCAP file query results.

4-tuple indexing in real time — IP address source/destination, port source/destination — with time stamping as low as 150 nanoseconds

PCAP compression in real time — Overall storage amplification up to 20x (depending on % of captured traffic that is SSL or video)

Search PCAP data from a convenient web GUI, using easy BPF+ descriptors, immediately streaming the results from capture store to persistent extraction store.

If you have questions, don’t hesitate to contact a NextComputing Sales Engineer at 1-603-886-3874 or contact us online