Network Traffic Security System

Turn-key Enterprise Network Security Solution

The Network Traffic Security System (NTSS) is an Internet data traffic recording and archiving system. It captures all IP packets from an Ethernet network, re-engineers relevant traffic back to the application-level content (Web pages, e-mails, downloaded and uploaded files etc.) and stores it in a scalable and searchable database system for long-term archiving and records management needs.

Unlike firewall capabilities that are perimeter-based and focused on keeping the bad guys out at all times, NTSS is focused on complementary capabilities.

NTSS's blanket forensic data collection, which includes hacking attempts not yet detected by other tools and records the full evidence trail for months or years, can force adversaries to reconsider the increased risk of fast exposure and quick criminal conviction. NTSS immediately provides dead-cert forensic evidence in the form of the actual actions, proved by recorded traffic.

The holistic security analytics provided by the NTSS all-traffic database give security personnel access to the “big picture”: discovering and spotting anomalous traffic, decreasing the time adversaries are on a network, and inhibiting their ability to exfiltrate intellectual property or financial data.

Without NTSS's instant look-back capabilities and razor-sharp search-based analytics across all network data sources and all traffic types, it could literally take weeks or months for an investigator to inspect all relevant log and audit sources while trying to put together the likely picture of what happened, or what is going on at the moment, within the corporate network.

The NTSS holistic approach, which records all network traffic completely and without prior assumptions or rules, dramatically reduces detection time for threat vectors that perimeter defenses would otherwise fail to identify, such as new malware from nation-states or ransomware from well-funded criminal gangs.

Through the real-time search, alerting, reporting and network data visualization that are part of the NTSS software, all dead simple for non-expert personnel to use, our customers can stay fully aware of their network state and traffic patterns. With NTSS our customers can exercise vigilant security supervision of all relevant networked computer systems, including smartphones, tablets and BYOD devices connected to the corporate network.

NTSS also provides super-fast identification of the essentially unavoidable modern-age infection sources caused by persistent threats, such as employees falling victim to email phishing or hackers using social engineering methods. NTSS enables timely spotting and immediate sanitization of all malware sources, along with alerting of victimized users. Shortening the timeframe available to malware actors is of paramount significance to a successful corporate security policy.

Think of NTSS for your digital network as the ultimate CCTV surveillance system for your house. It does not protect your house against a physical break-in, but its deterrent effect makes most criminals avoid your property.

NTSS is designed to meet the increasing needs of Corporate Governance, Electronic Records Management and Regulatory Compliance associated with communications transacted to/from the legal entity of the organization. NTSS monitors, indexes and stores all content and communications that are transacted across the network.

Typically positioned at the Internet boundary (on the monitoring port of a switch or a network tap), NTSS enables immediate visibility of e-mails and attachments sent/received, web-mail, web pages viewed, web postings, instant messaging chat conversations and files transferred, all in an intuitive and easy-to-use web GUI.

Features

  • Full instant reconstruction of user activity
  • Simple and easy to use web GUI
  • Instantaneous search of all captured content
  • Scalable capture of data and retention periods
  • Real-time alerting
  • Secure and audited role-based user access
  • Extensive management reports
  • Advanced linguistic search
  • Traffic filtration
  • Open standards architecture & easy to deploy

Key Benefits

Control over the Unpredictable

NTSS collects all traffic data regardless of predefined assumptions and therefore helps to pinpoint and discover unforeseen security threats.

Control Acceptable Use Policy

Easily identify Acceptable Use Policy violations, either by directly locating the incidents, or setting up automated Alerts. Such e-discoveries directly help to improve online security policies.

“Insider” Trading and Information Theft Monitoring

Set up alerts to warn IT security when documents containing specific keyword(s) or metadata are sent out to a known or any destination on the Internet.

Discover long-standing data security threats

Some security breaches are not obvious in real-time, short-term monitoring. Having access to transaction data over several months can help to profile suspicious behavior and anticipate long-term planned attacks.

A complete, reliable and searchable backup of all e-mail traffic from the company, including web-mails.

NTSS stores the inbound and outbound e-mail communication of your organization and makes it fully searchable. You can search in:

  • e-mail contents or metadata;
  • attached documents;
  • webmails

Functionality

Full reconstruction of user activity

Instant reconstruction and review of IM conversations, blog postings, web pages (including web-mail), files transferred, e-mails, images (as thumbnails and in full resolution), audio/video and documents. Content can also be viewed as XML, HTML or other formats; for example, the content of a specific TCP or UDP connection can be viewed in HEX format.

Search all captured content

All captured content is indexed and searchable, including text and metadata (title, date, time, author, etc.) as well as the contents of Web pages, e-mails, Microsoft Exchange mails, Microsoft Word, Excel and PowerPoint, and PDF documents.

Instantaneous search

Search up to a Terabyte of captured content in sub-second times on a single appliance, and maintain similar search times with multi-Terabyte data stores via clustering on multiple network servers. Most ad hoc queries are typically performed in under 0.5 seconds, providing relevant results for pivoting, navigation and exploration of network traffic of particular interest.

Simple and easy to use web GUI

Any Internet browser-based client can be used to search, navigate and cross-reference through web links among relevant data objects and network events within the NTSS database. Users can work efficiently and comfortably, even without deep knowledge of network protocols or other technical details.

Management reports & Dashboards

Top X users/abusers, segmented by IP/MAC address or username, Protocol (HTTP/S, SMTP/POP3, MAPI, IM, FTP, etc.), Time period (date and time slice), Volume (MB, GB, TB, etc.), Domain (Email, Web traffic), File types (PDF, DOC, video etc.) and other criteria.

Advanced linguistic and Boolean search

Search all content by keyword(s), exact phrases, partial keyword(s), proximity searches, Boolean logic, keyword inclusion or exclusion and instant keyword spelling or alternative suggestions.

Real-time alerting

Investigators and Auditors can be alerted in real time when specific, user-defined criteria are matched, such as “content matching”. The Network Administrator can be alerted upon an important system status change, and can also remotely monitor the status of the NTSS system via an SNMP agent.

Instantly pivot on any cross-referenced data point

Immediately pivot the review on contextual data, e.g. IP/MAC address, e-mail address, timestamp or type of traffic.

Secure and Audited role-based user access

NTSS employs user rights management to enforce role-based interaction with the system, complete with a full audit trail of who accessed what and at what privilege level. Roles can include Administrator, Investigator and Auditor, each with appropriate (restricted) access to either the system or the data/content within. Users can securely log in and use NTSS over the encrypted SSL protocol.

Scalable capture and data retention

Scales linearly through clustering to support line rates up to 1 Gbit/s and data retention policies up to 10 years for raw IP and reconstructed data.

Traffic filtration

Comprehensive traffic filtering rules accommodate organizational policies for retaining or ignoring certain traffic types, domains or users.

Truly language independent

Capture, index, search and review any UTF-8 text extracted from content regardless of the language used, e.g. English, French, German, Greek, Arabic, Hebrew, Chinese, etc.

Open standards architecture

All content, text, metadata and reference data, including application-level data (e-mails, files, web pages etc.), is retained in open-standards XML wrappers, enabling easy export and import into 3rd-party analysis tools. A fully documented Application Program Interface (API) is also available.