We do business with
- The top intel agencies in the US and Europe
- A number of government-funded CERTs
The power to see all for government and CERT
From a technology standpoint, governments can be split into a number of distinct groups that each share a specific set of technology needs:
- National Intelligence agencies
- Civilian / Military Agencies, CERTs, and CSIRTs.
Cyber Security Monitoring
Listen to Tim Nichols, VP Marketing, at the National Cyber Security Conference in London (November 2012). In his speech Tim talks about the changing cyber landscape and some of the different strategies public sector organizations can employ to combat the growing cyber threat.
Introducing the EndaceProbe 3820
The EndaceProbe 3820 is purpose-built for data acquisition inside government intelligence facilities.
The 3820 redefines Space, Weight and Power (SWaP) standards for data acquisition platforms and supports a feature set including full SONET/SDH frame access.
Learn more about the EndaceProbe 3820.
National Intelligence
Where national security is concerned, there can be no compromise. Guaranteed, continuous 100% packet capture is just the tip of the requirements iceberg. The challenges faced by these teams are extensive, which is why over the past 10 years many of them have turned to Endace for help and assistance.
Intelligence agencies typically contain two distinct groups: a group responsible for capturing the information (data acquisition) and a team responsible for analyzing it once it has been captured. We have been able to add value to both groups with our range of EndaceProbes™ and EndaceSensors™.
From a data acquisition standpoint, teams face a number of challenges:
- They have to stay one step ahead of the telcos as the telcos deploy 40Gb/s and 100Gb/s links. Government agencies must be able to accurately monitor these links while maintaining coverage of legacy technologies such as SONET.
- Agencies need to go beyond 'enterprise-level' visibility into network traffic: full SONET/SDH frame access visibility is essential, and it is technically challenging to deliver.
- Space, weight, and power (SWaP) present data acquisition teams with significant challenges: like many commercial organizations, they are heavily resource constrained and must continually strive to build the most efficient architectures.
The solution for Data Acquisition
To help address the needs of teams responsible for acquiring data we have developed a specific system, the EndaceProbe 3820, which delivers unique data acquisition capabilities in a 1U 19-inch system:
- 100% lossless packet capture at 10Gb/s on both OC-192 and 10 GbE LAN/WAN
- High-resolution timestamps on all packets, to ±7.5 ns resolution
- Full stack bypass with hardware-based load balancing and layer 2 and 3 filtering
- High port count (4 individually configurable Rx and Tx ports capable of monitoring OC192/STM 64)
- Extremely low SWaP (6.25 µJ/packet)
- Full channelized OC-192 and STM-64 inspection, including packet overheads
- Full platform/application separation
- Central management and virtualised application environment for hosting custom algorithms.
Significantly, the system allows teams to standardize on a single SKU for all data acquisition. This has the potential to significantly change the operational and capital cost model associated with this activity.
The solution for Data Analysis
From a data analysis standpoint, teams again face a number of different, but equally significant, challenges:
- The volume of data that these teams work with is vast, and significant computing power is required to move data around inside the environment and to do the actual analysis. The tools and techniques in use today don't scale easily and consume significant resources.
- Analytics teams typically need to use a range of different software tools to perform their analysis, including custom apps, open-source applications, and commercially available tools. The current technology paradigm makes this a very cumbersome and resource-intensive activity and leads to sub-optimal processes and procedures.
To help address the needs of the analytics team, we deploy standard high-density EndaceProbes in a fabric configuration. Using EndaceProbes, analytics teams benefit from:
- Standard commodity Intel multi-core hardware
- Fast lossless transfer of data between systems
- Central management capability
- High port density
- Low power consumption
- A unique and powerful virtual application environment into which any compatible analysis tool can be deployed.
Military, Civilian, and CERTs
Like any organization, most, if not all, government agencies are reliant on their 'corporate' networks for all types of communication – both secure and open. In addition, a growing number of government agencies have a public-facing web presence through which they service their customers. Government agencies have long been a honey-pot for hackers and deviants attempting to steal confidential information or disrupt the inner workings of government.
To put that into context, in an article in the Chicago Tribune, General Keith Alexander, the head of US Cyber Command, indicated that Pentagon systems are attacked 250,000 times an hour, or six million times a day, and that attackers include foreign intelligence agents, criminal enterprises, and hackers trying to make mischief.
With that level of attack and the level of sensitivity of the information held within the networks, it's imperative that government agencies deploy the most accurate and scalable cyber-security monitoring tools possible – as the consequences of data leaks and successful breaches can be simply catastrophic.
Key drivers for government security systems are typically:
- Lossless packet capture and analysis at 10Gb/s
- Support for open-source DPI engines, such as SNORT® and Suricata
- Ability to deploy custom rule sets on a local (VLAN) level
- Accurate reporting and auditing of user behavior
- High port density and high processing power per system
- Low power consumption
- Central management capability for distributed deployments
- High density local storage for retrospective analysis of network activity
- Ability to seamlessly integrate into SIM/SIEM architectures.
In a number of European government agencies (both civilian and military) we have deployed Monitoring and Recording Fabrics in intrusion-detection mode. Every Endace system is delivered with Endace Security Manager (ESM) installed as standard. ESM is a SNORT-based IDS which was proven by NSS Labs to alert on every single security event on a fully loaded 10 Gb/s link. Where we've deployed a fabric in IDS mode, our customers have seen an immediate improvement in the visibility they have into their networks and, thanks to the integrated workflow, significant improvements in Mean Time to Resolution (MTTR).
For more information download the Endace Security Manager datasheet.