Step 1: Network traffic is received (a network traffic copy, data from ICAP clients, or captured network data in PCAP format) and pre-processed (the application protocol is detected with Deep Packet Inspection technology).
Step 2: Application protocol data is analysed (the protocol is parsed and metadata is extracted), metadata from external sources is added (directory services, blacklists, antivirus services) and software-defined events are generated.
Step 3: Software-defined events are delivered to consumer systems (DLP, SIEM, NTA, etc.) according to a rule-based policy.
Why we stand out
xEtherEst can handle up to 40 Gbit/s on commercial off-the-shelf (COTS) hardware without packet loss;
xEtherEst supports encrypted traffic analysis and decrypted traffic from SSL Visibility solutions;
xEtherEst generates software-defined events and delivers them to multiple consumer systems;
xEtherEst has an open SDK that can be used to create in-house parsers (detectors) for custom applications and services.