Unispeed Technology

The Technology developed by Unispeed over the last decade is the result of an intensive focus on performance, usability and flexibility. Not many other products within network sniffing and deep packet inspection offer the same high performance while capturing, analysing and forwarding extracted data in a single pass without loss of packets.
The ability to process network packets in real time on fully utilised duplex network links and, just as importantly, at any realistic packet size, on a single platform, enables the customer to create reliable network retention and monitoring solutions which are less complex, easier to maintain and offer the highest work flow visibility in the industry.

Technology comparison

Application - flexibility

figure 3

Performance

figure 4

Scalability

figure 5

Mass surveillance Probe brief

Core Network layer implementation

The Technology developed by Unispeed over the last decade is the result of an intensive focus on performance, usability and flexibility.
Not many other products within the network sniffing and deep packet inspection industry offer the same high performance and versatility.
The ability to process in real time each network packet transported on fully utilized duplex Gigabit and 10 Gbit network links, at any realistic packet size, on a single commodity platform, makes Unispeed devices the perfect platform for mass surveillance and Cyber defence.

figure 6

The device consists of a number of modules which can be individually programmed and act on triggers from other sensors.

1. Hardware accelerated network adapters from Danish Napatech A/S offer the ability to color and filter network packets and distribute the traffic load across multi-core systems. They also provide limited string and protocol matching and the ability to retransmit or daisy chain traffic in high load scenarios.

2. The state-of-the-art host buffer / backlog system provides buffering of network packets in available memory. The functionality is crucial for the ability to delay traffic while it is being analysed and to replay entire sessions from the buffer in order to recover and forward targeted traffic flows from start to end, regardless of where in the system the event is being targeted.

3. The pattern and signature matching engine is designed to match high volumes of packets against tens of thousands of strings injected in different encodings. The target filter can be updated in real time without loss of packets.

4. The packet filtering and protocol detection module allows the device to filter and redirect packet flows according to packet headers and protocol information. It also interacts with the targeting API, which enables the device to track communication to certain clients or servers for prolonged periods based on system generated triggers or triggers received from other sensors.

5. The protocol extract and reassembly module performs full sequencing and reassembly of traffic, which is necessary in order to deflate Gzip and other content encoded messages (chunked, MIME encoded etc.). It also provides the ability to calculate and target checksums from binary objects, downloads, media content and attachments. In a Cyber security context it is particularly useful for detecting malware and phishing attempts transported via emails or downloaded from infected servers.

6. The analytic tool-set is a series of tools for aggregation, traffic rate analysis and GEO-targeting. It is a crucial element for mass surveillance and cyber defense as it has the ability to detect events according to behavior, frequency and regularity. It provides data for macro analysis and behavioral analysis, and maps relations between identities.

7. The scripting and packet manipulation module is a programming API that allows custom scripting and third-party applications to be integrated with the system. In a Cyber defense context it can interface with other sensors and core network equipment used to redirect or block traffic. The packet manipulation / rewrite functionality enables the device to inject manipulated packets back into the core network in order to selectively close connections or possibly even launch a counter attack against the sou

The logic tool-chain architecture in the framework ensures that data can be drawn from the device at any point in the chain. Likewise, data from internal or external sources (files, binaries, database lookups etc.) can be joined into the chain at any given time.
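Item 5 above says reassembly is needed before a checksum of a transferred object can be matched. The following added example (not Unispeed code) shows why: an indicator hash only matches after chunked and gzip encoding are undone. Function names, the size cap, the sample response and the blocklist are all assumptions constructed for illustration.

```python
import gzip
import hashlib
import zlib
MAX_OBJECT = 16 * 1024 * 1024  # assumed cap against decompression bombs

def dechunk(body):
    """Decode an HTTP/1.1 chunked body; raise ValueError if malformed."""
    out, pos = bytearray(), 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk header")
        size = int(body[pos:eol].split(b";", 1)[0], 16)  # drop extensions
        pos = eol + 2
        if size == 0:
            return bytes(out)  # last chunk; trailers are ignored
        if size < 0 or body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("truncated or malformed chunk")
        out += body[pos:pos + size]
        pos += size + 2

def gunzip_limited(data):
    """Inflate a gzip stream, refusing output larger than MAX_OBJECT."""
    out = zlib.decompressobj(wbits=31).decompress(data, MAX_OBJECT + 1)
    if len(out) > MAX_OBJECT:
        raise ValueError("decompressed object exceeds cap")
    return out

def extract_object(response):
    """Undo transfer and content encoding of one reassembled HTTP response."""
    head, _, body = response.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")[1:]  # skip the status line
    headers = {k.strip().lower(): v.strip().lower()
               for k, _, v in (ln.partition(b":") for ln in lines)}
    if b"chunked" in headers.get(b"transfer-encoding", b""):
        body = dechunk(body)
    if headers.get(b"content-encoding") == b"gzip":
        body = gunzip_limited(body)
    return body

def is_known_bad(response, blocklist):
    return hashlib.sha256(extract_object(response)).hexdigest() in blocklist

# Constructed sample: harmless payload, gzip-compressed, sent as two chunks.
PAYLOAD = b"constructed test attachment\n"
_gz = gzip.compress(PAYLOAD)
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\nTransfer-Encoding: chunked\r\n\r\n"
          + b"".join(b"%x\r\n%s\r\n" % (len(c), c) for c in (_gz[:10], _gz[10:])) + b"0\r\n\r\n")
BLOCKLIST = {hashlib.sha256(PAYLOAD).hexdigest()}  # constructed indicator
```

Hashing the body as it appears on the wire would miss the indicator, because the same object produces different bytes under every chunking and compression choice.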

Interceptor Probe Pattern Match and REGEX module

figure 7

Interceptor / Netlogger Post Processing module

figure 8

Gateway layout

gateway



© Unispeed A/S
Last modified on May 22 2014