DeepSweep-1

The first system optimized for live, real-time, wire-speed network surveillance!

The DeepSweep-1 is a very powerful, configurable appliance for inspecting network traffic and appropriately acting on traffic of interest. Traffic can be inspected at all layers of network protocols using complex constructs such as protocol filters, complex classification databases, white/black host lists, and signature databases. Once interesting traffic has been detected, the DeepSweep provides a flexible set of actions, such as recording the traffic in a local file, encapsulating and transmitting the packet to another computer, generating SNMP alerts, transmitting to a local or remote Surveillance Module, passing to a locally-residing user application, or simply reflecting out a network port.

Based on IP Fabrics' innovative Surveillance Module architecture and underlying patent-pending multi core virtualization technology, DeepSweep-1 provides many unique advantages over PC-based or hard-wired ASIC/FPGA-based surveillance systems.

DeepSweep-1's internal host processor and multi-core packet inspection accelerators allow it to monitor multiple 1Gbps Ethernet links at true wire-speed with full layer2-7 inspection capabilities.

The innovative Surveillance Module architecture enables DeepSweep to be used as a stand-alone network surveillance system, in conjunction with other security/surveillance systems (e.g., as a pre-filter), and even supports hosting user-applications on the system processor. The highly scalable architecture allows multiple DeepSweeps to be configured in parallel or pipelined, as well as enabling remote systems to share learned information such as dynamic IP addresses assignment and VoIP call establishment information.

The DeepSweep-1 is configured using a set of intuitive, browser-based configuration screens, enabling complex surveillance logic to be configured directly at the protocol level or at the much higher application level.

Logical surveillance functions are grouped into Surveillance Modules (SMs), which are easily configured by the user. Multiple SMs can be chained together to form complex surveillance logic assemblies.

The DeepSweep-1 has the following SMs:

• Packet Traffic: individual layer 3-7 packet analysis at the network/protocol level
• Packet Flow: layer 3-7 flow-based analysis at the network/protocol level
• Sub IP: layer 2/2+ (e.g., Ethernet, PPPoE, MPLS) analysis
• Unusual Traffic: malformed packets, improper fragments, protocol anomalies, etc.
• Netflow/IPIX: analysis of Netflow records from routers and other equipment
• sFlow: analysis of sFlow records from switches
• DNS: protocol-specific analysis of DNS lookups
• User ID: protocol-specific analysis of user login/authentication IP address assignment
• SIP/RTP Intercept: protocol-specific analysis of SIP messages and subsequent RTP flows
• Email: protocol-specific analysis of common email protocols (e.g., SMTP) and email content

For complete specifications, please refer to the DeepSweep-1 Datasheet.

For more information about Network Surveillance using DeepSweep, please refer to the IP Network Surveillance Whitepaper.

For information on how the DeepSweep achieves is high performance, please refer to the DeepSweep Performance white paper in our White Papers and Briefs page.