InfiniStream Security Forensics is a forensics analysis solution that allows enterprise customers worldwide to reconstruct, understand and prevent harmful network activity and security events.
The InfiniStream solution includes the following key components:
Capture Engine – The InfiniStream capture engine is a hardware appliance that enables network and security managers to continuously capture and store network traffic at gigabit speeds. The capture engine can index and warehouse 2.9 terabytes of traffic, which equates to roughly 2.5 days of network traffic data on a full-duplex gigabit network with five percent utilization. The capture engine is based upon the Linux operating system with no traditional UNIX services active, providing the most secure appliance environment.
Mining Console – The InfiniStream mining console is the main user interface that allows network managers and security analysts to retrieve the network traffic and administer the capture engine. It provides filters that allow a user to narrow a search to a more manageable set of traffic by any combination of time, IP address or port number.
Reconstruction/Replay – The InfiniStream reconstruction/replay software enables security and network analysts to replay and investigate specific events such as security breaches and network slowdowns. Users can review individual Web sessions, FTP files, emails, IRC sessions, and VoIP conversations. Security managers can reconstruct an event to determine precisely when it happened, how it happened, who or what caused it and what it damaged, and can isolate destructive payloads or security threats for further investigation and analysis.