caplon decoding & network recording
High-performance network data recording from Germany
The scalable tracing engine is part of every caplon© appliance. In combination with specially programmed FPGA-based data acquisition cards from napatech®, it guarantees the complete and lossless acquisition of network data in high-speed networks. caplon© decoding & network recording captures the network packets at a TAP or SPAN port of a switch, including deep packet analysis in real time. The analysis is therefore completely passive and non-reactive.
The caplon© trace engine was developed on the basis of a highly scalable architecture to ensure that network packets can be captured loss-free even at very high data rates. This opens up new possibilities for analysing services in the context of 5G and broadband streaming services. The correlation of parameters in the network streams is supported by the FPGA-based data acquisition card with nanosecond time stamps.
Tracing in distributed and complex environments
The caplon© system architecture supports the monitoring of spatially distributed and multi-site structures. Data capture systems with different levels of performance are used: edge boxes in the OT area, caplon© network probes with or without analysis options, caplon© aggregation systems and caplon© umbrella systems. The system architecture enables individual adaptation to customer requirements and cost optimisation.
- In virtual environments, network traffic within and between virtualisation hosts is captured by caplon© virtual tracing appliances, which are installed on one or more VM hosts.
- Decoding of all common IP-based protocols in the ITC sector and important IP-based protocols in the ICS and SCADA sectors
- Decoding of proprietary protocols (on request)
- Display of decoded network packets directly in the browser or in Wireshark via consistec Wireshark plugin
- Detection and optional removal of duplicate packets
- Annotating network packets with the information of the associated trace point
- Download of trace files in PCAP, PSML, and PDML formats
- Multi-user operation with up to 15 simultaneous users (floating licenses)
Network Recording – the flight recorder for the network
caplon© continuously writes the recorded network data to a ring buffer with a configurable fixed size. This allows network problems or security incidents to be analyzed retrospectively.
- Storage of relevant data up to the petabyte range with additional caplon© storage extensions
- Solving sporadic problems
- Forensic analysis - analyze security incidents retrospectively
- Compliance monitoring - make compliance requirements verifiable
- Permanent storage of critical data by creating ring buffer snapshots when problems or anomalies are detected
caplon© systems offer a far-reaching integration of Wireshark via a Wireshark plug-in module.
- in distributed structures: online analysis of pre-filtered traffic from different network segments in one trace file
- with authorization profiles: tracing with Wireshark at considerably reduced risk of data misuse through corresponding authorization profiles
- with online pseudonymized data: tracing with Wireshark without insight into personal data or critical infrastructure data, using network data pseudonymized online (module caplon© privacy protection)
Seamless integration, improved analysis capabilities, automation capability
caplon© systems have open interfaces and a standardized REST API, making it easy to integrate them with existing systems.
- Integration into automated monitoring systems and test automation solutions and coupling with intrusion detection systems
- Automated capturing, analysis and export of network data
- Providing third-party systems, e.g. SIEM and IDS systems, with valuable information from network data
- Interaction with active IT components (Cyber Defence Systems, Security Data Collection, Firewalls, …)
Legally compliant access to data
With regard to IT security, the EU-GDPR (Art. 5, para. 1f) requires that personal data be protected by appropriate technical and organisational measures. This also includes protection against unlawful forms of processing and against accidental loss ("integrity and privacy").
caplon© systems effectively reduce the risk of data misuse with a fine-grained access and authorization system in combination with caplon© Privacy Protection technology.
- Finely adjustable access to the network data by network segment, layer and analysis depth, per user or role
- Protection of personal data and critical information of the IT infrastructure by pseudonymisation of network data (module caplon© privacy protection)
- Clear overview of the access rights stored in the system per user and role