cyberpro Overview

Low-Cost, High-Performance, Portable Packet Forensics Appliance for Network Analysts and Cyber Security Investigators

CyberPro is the perfect tool for today’s Cyber-Hunters, IT/InfoSec specialists, and field network engineers, whose mission is to keep modern digital IP networks up and running – and fully protected. Grab this portable tool, arrive on-site, plug into the network without disrupting IT operations, and get productive fast!

Within a mobile, lightweight test appliance, CyberPro offers high-speed capture, indicators-of-compromise (IoC) alerting, and fully integrated analytics workflow. View long PCAP forensic timelines based on inline data compression. Find critical incidents for full-session analytics and reconstruction. CyberPro is ideal for network performance monitoring, cyber forensics, compliance enforcement, lawful intercept, and packet data analytics.

Download CyberPro Datasheet

click thumbnails to enlarge

Key Features

  • Lossless Capture

    3 options for lossless packet capture: 1-3Gbps, 5-10Gbps, 7.5-15Gbps

  • Simultaneous Search

    Stream initial search results of PCAP, IPFIX/netflow, and log files to any visualization tool, even while a critical search in on-going. No more waiting for endless query response times!

  • Active Triggers

    Use real-time, dynamic, user-defined Active Triggers and real-time analytics to rapidly direct critical PCAP data for post-processing, using any of multiple third-party open source DPI software packages, conveniently pre-installed and ready-to-use within CyberPro.

  • Extensive Logging Features

    RFC anomaly logging, file download event logging, multi-protocol event / metadata logging. The Log Manager also allows for search, cross-correlation and extraction: HTTP, files, DNS, email, user agents, TLS/SSL.

  • Efficient Data Management

    CyberPro’s built-in PCAP streaming means that no third-party software will “choke” on too much data throughput during PCAP post-processing.

  • Unified GUI

    CyberPro’s interactive dashboard drives your investigation workflow. You control capture operations, check the scrolling alert log, and quickly extract PCAP or IPFIX (netflow) data into Wireshark, or log/metadata findings results into CSV or text. Streaming results are also remotely accessible, both from a host-based WebGUI over the REST interface, and even from a streaming output port into any 3rd party forensics tool.

  • Visualization

    Visualization is pre-installed and hard-wired into the CyberPro workflow, using open industry-standard data file formats: PCAP & IPFIX records open in WireShark; log searches open as CSV files; reports as TXT/RTF files.

CyberPro Workflow

Click Image to Enlarge

CyberPro lets you jump quickly between PCAP actions and your tools-of-choice. Gain new insight from DPI analytics tools, and generate graphical incident reports. Then iterate new Active Trigger alerts and PCAP searches, to conclude your investigation quickly.

Real-Time Analytics Features

Open up to 10 simultaneous BPF-based “Active Triggers”. Adjust them dynamically.

Log Manager events, all with search, cross-correlation and extraction:

  • HTTP
  • File event logging, with file size and URL or SMTP reference
  • DNS
  • Email
  • User agents
  • Active Triggers (BPF signature)
  • 1000 Snort rules (emerging-DNS, emerging-ftp
  • System events

Log Manager search actions:

  • All logs are time-correlated with PCAPs and IPFIX data
  • Text string search of logs
  • IPFIX record logging and search
  • Choose your results for any search: PCAP, IPFIX, logs, etc.
  • One-click searches auto-populate time period and search filter (BPF), based on context

CyberPro Open Data Access

Click Image to Enlarge

Packet Capture Features

Continuous lossless packet capture, with configurations up to 15 Gbps, into a rolling FIFO Capture Store

Searchable data recorder for IPFIX netflow records and log files

Real time indexing and alerting — with time stamping as low as 150 nanoseconds

Data compression in real time — Overall storage amplification up to 10x

Dedicated onboard Extraction Store retains all search query results, retrievable by user-defined name

Options for PCAP (or IPFIX) search results:

  • View in Wireshark on the local display UI
  • Remotely access from an external host via Web GUI or REST/API scripting
  • Run the critical sessions over the Streaming Playback Interface to any 3rd party forensic analysis tool. Simply connect streaming playback output to the capture interface of your tool, just like a span/mirror port.

CyberPro Capture Process

Click Image to Enlarge

Continuous lossless packet capture, with configurations up to 10 Gbps, into a rolling FIFO capture store. A separate extraction store retains PCAP file query results.

4-tuple indexing in real time — IP address source/destination, port source/destination — with time stamping as low as 150 nanoseconds

PCAP compression in real time — Overall storage amplification up to 20x (depending on % of captured traffic that is SSL or video)

Search PCAP data from a convenient web GUI, using easy BPF+ descriptors, immediately streaming the results from capture store to persistent extraction store.

Transportation Cases

Soft Case

A high-quality, padded carrying bag is included with the CyberPro.

  • Has room and extra pockets for your keyboard, mouse, cables, and other items
  • The case can be branded with your logo stitched on the front
  • Fits in the overhead bin on an airplane
Compact Rugged Case

A compact rugged transport case is also available for the CyberPro.

  • Internal foam cutout snugly holds the CyberPro, as well as spaces for additional accessories
  • Fits in the overhead bin of some planes
  • Exterior dimensions (L X W X D) 24.39″ x 19.36″ x 8.79″ (62 x 49.2 x 22.3 cm)
Full Size Rugged Case

Full size rugged case with wheels and telescoping handle.

  • Internal foam cutout snugly holds the CyberPro, as well as spaces for additional accessories
  • Can be checked as baggage, while giving you peace of mind that your system is safe
  • Exterior dimensions (L X W X D) – 24.60″ x 19.70″ x 11.70″ (62.5 x 50 x 29.7 cm)
Download CyberPro PDF
Download the CyberPro datasheet for detailed specs and configurations

Let’s talk about how the CyberPro can be integrated into your workflow;

call a NextComputing Sales Engineer at
1-603-886-3874 or contact us online