caplon decoding & network recording
High-Performance Network Data Recording from Germany
Fast and reliable access to network data is the key requirement for professional network monitoring solutions. Our caplon© tracing appliances capture the relevant network traffic even in high-speed networks guaranteed loss-free - including deep packet analysis in real time. For this purpose, the appliances are connected to a TAP or Span port of a switch. The analysis is completely passive, there is no negative impact on the existing the IT infrastructure.
Tracing in distributed and complex environments
- Monitoring of distributed and cross-location structures by operating several caplon© appliances in multi-system operation with a central data analysis.
- Monitoring virtual environments by capturing network traffic within and between virtualization hosts through caplon© virtual tracing appliances installed on one or more VM hosts.
- Decoding of all common IP-based protocols in the ITC sector and important protocols in the ICS and SCADA sectors
- Decoding of proprietary protocols (on request)
- Display of decoded network packets directly in the browser or in Wireshark via Wireshark plugin
- Detection and (if necessary) removal of package duplicates
- Annotating network packets with the information of the associated trace point
- Download trace files in PCAP, PSML, and PDML formats.
- Multi-user operation with up to 15 simultaneous users (floating licenses)
Network Recording – the flight recorder for the network
The data are continuously written into a ring buffer (with fixed size). This allows network problems or security incidents to be analyzed retrospectively.
- Storing of relevant data up to the peta-byte range with additional storage units
- Solving sporadic problems
- Forensic Analysis - Analyze Security Incidents Retrospectively
- Compliance monitoring - make compliance requirements verifiable
- Permanently storing critical data by creation of ring buffer snapshots
caplon© systems offer a far-reaching integration of Wireshark via a Wireshark plug-in module.
- in distributed structures: online analyzing pre-filtered traffic from different network segments in one trace file
- with authorization profiles: Tracing with Wireshark with considerably reduced risk of data misuse by using corresponding authorization profiles
- with online pseudonymized data: Tracing with Wireshark without insight into personal data or critical infrastructure data through online pseudonymized network data (module caplon© privacy protection)
Seamless integration, improved analysis capabilities, automation capability
caplon© systems have open interfaces and a standardized REST API, making them easy to interact with existing systems.
- Integration into automated monitoring systems and test automation solutions and coupling with intrusion detection systems
- Automated capturing, analysis and export of network data
- Providing third party systems, e.g. SIEM-, IDS-systems with valuable information from network data
- Interaction with active IT components (Cyber Defence Systems, Security Data Collection, Firewalls, …)
Legally compliant access to data
With regard to IT security, the EU-GDPR (Art. 5, para. 1f) requires that personal data be protected by appropriate technical and organisational measurements. This also includes protection against unlawful forms of processing and against accidental loss ("integrity and privacy").
caplon© systems effectively reduce the risk of data misuse with a fine-grained access and authorization system in combination with caplon© Privacy Protection technology.
- Fine-grained adjustable access to the network data regarding network segments, layers and analysis depth per user or role.
- Protection of personal data and critical information of the IT infrastructure by pseudonymisation of network data (module caplon© privacy protection)
- Clear overview of the access rights stored in the system per user and role