DeepProbe-1 and DeepProbe-10
The industry's only intelligent network surveillance probes for 1Gbps and 10Gbps IP data retention and intercept solutions!
The DeepProbe™ is IP Fabrics' most advanced data retention and intercept system and functions as an intelligent probe under the control of a separate surveillance element such as a mediation system. Designed to be used in distributed data retention and intercept solutions, the DeepProbe is ideal for monitoring large and complex networks.
DeepProbe has the capability to fully inspect every network packet, so the controlling mediation systems don’t need to rely on CMTSs, switches, routers or other probes for filtering and intercept.
DeepProbe products are subject to US export controls and are classified under ECCN 5A002A1. DeepProbe products are authorized for export under provision (b)(1) of License Exception ENC (740.17) as CCATS G136966. DeepProbe can be exported without delay to all counties (excluding Cuba, Iran, North Korea, Sudan and Syria) with No License Required (NLR) (eligible for license exception ENC).
Support for Data Retention, Intercept, and Cyber Security Applications
DeepProbes flexible output modes make it ideal for several important network monitoring and surveillance applications. For example, DeepProbe can be configured to deliver Internet usage events/metadata/IPDR which can be used for data retention solutions. Alternatively, DeepProbe can be configured to deliver a specific target's full communications session/stream, common in intercept solutions. Finally, DeepProbe can be configured to detect specific network content and deliver pertinent information to SIEM for cyber security/insider threat solutions.
Unique Discovery Model
Target discovery in the DeepProbe is provided via the innovative Surveillance Module ™ architecture. To the user, Surveillance Modules (SMs) are a series of well-defined, secure ASN.1 commands, which are designed for specific surveillance techniques. For example, there are SMs for discovering webmail traffic, user-id login (e.g., radius or DHCP), and VoIP traffic. These are termed ‘application-level’ SMs, since they deal with specific target applications/usages.
Other SMs include those geared towards monitoring more generic flows (conversations) based on specific packet header or content characteristics. These are termed ‘protocol-level’ SMs since these require the user to be somewhat knowledgeable of specific packet header and/or content values. Table 1 provides a summary of the DeepProbe Surveillance Modules.
Once the target is discovered, the DeepProbe offers flexible intercept options, including the ability to deliver the entire data stream a summary and key events, or just IPRDs.. DeepProbe also incorporates sophisticated reconstruction logic to deliver only pertinent information when monitoring complex applications such as webmail and chat/IM, greatly reducing the processing required by the monitoring, data retention, and analytic systems.
1Gbps and 10Gbs Models
DeepProbe comes in two basic models. The first is for monitoring 10/100/1000Mbps networks and is available with four surveillance ports. The second is for monitoring 10Gbps networks and is available with four 10Gbps and six 10/100/1000Mbps surveillance ports. Both models support multiple, dynamically updatable targets and also come with two 10/100/1000Mbps system ports.
High Performance, Scalable Architecture
IP Fabrics’ Surveillance Module™ architecture and underlying patent-pending multi-core virtualization technology give DeepProbe many unique advantages over basic “PC-based” surveillance systems or hard-wired ASIC-based systems. DeepSweep’s internal host processors and multi-core packet inspection accelerators allow it to monitor multiple 1Gbps and 10Gbps Ethernet links at true wire-speed with full layer 2-7 deep packet inspection (DPI) capabilities.
Secure, Reliable Provisioning
The DeepProbe is typically provisioned and managed by a centralized mediation via the system ports using a set of simple, yet powerful commands. Each provisioning command is securely authenticated to prevent use by an unauthorized system. Consistent with other DeepSweep systems, an easy-to-use, secure web-based interface is also included.
For more information about Network Surveillance using DeepProbe, please refer to the IP Network Surveillance Whitepaper.