NTB Series Proactive Visibility & Consolidates Network Security

DOWNLOAD DATASHEET Free Trial Version
Expanding investments on the network To Justify ROI

Expanding investments on the network To Justify ROI

Network analysis devices always demand the visibility, how to access the network traffic they need, for the inspection purpose. The proper visibility we expect is to provide comprehensive data that can satisfy all analysis functions. However, each device has its “packets of interest” so that processing every packet without selection might be a waste for some devices. Thus, to boost the efficiency is to make “right packet to the right device”. In the same time, usually because of network complexity, the visibility mechanism includes packet pre-processing such as tagging/un-tagging, tunnel removal or payload slicing to make sure analysis functions can work smoothly.

Array NTB, the intelligent network visibility platform, is a network appliance powered by xUDN embedded network OS, realizes the approaches above. It creates the analysis-assisted monitoring plane to direct live traffic from the production network to every analysis device, no matter it is in-line or out-of-band, to achieve pervasive inspection and security function offloading. Moreover, Array NTB can defend network perimeters by monitoring massive malicious connections according to the imported threat intelligence, the black list of IPs/Domains/URLs, and send those events, trying to connect an object in the black list, to a log collector or SIEM.

Intelligent Network Visibility & Monitoring Massive Malicious

It creates the analysis-assisted monitoring plane to direct live traffic from the production network to every analysis device, no matter it is in-line or out-of-band, to achieve pervasive inspection and security function offloading.

pervasive inspection

  • A common data acquisition and preprocessing
  • infrastructure for wan to lan/Physical
  • to virtual/out-of-band to in-line.

Security Function Offloading

  • Deliver only "packets of interest"
  • for each security device by
  • L2~L7 filtering.

Perimeter Defense

  • Detect, trace, and
  • block according to
  • IP/Domain blacklist
  • on the front line.
Intelligent Network Visibility & Monitoring Massive Malicious

Advanced NTB Features

  • DELIVERY ACCURACY

    DELIVERY ACCURACY

    Array NTB aggregates several inputs and accurately delivers the packets by not only L2-L4 filtering but also the application-aware pattern-based filtering above L4: filter HTTP connection packets by HTTP URL, filter SIP messages by SIP URI, filter DNS by domain, and so on.

  • TUNNEL HANDLING AND PACKET REENGINEERING

    TUNNEL HANDLING AND PACKET REENGINEERING

    NTB is able to do tag removal or re-capsulation to convert the tunnel packets to plain ones. Packet slicing is also supported such as L4 payload is cut before a TCP/UDP packet is delivered to the analysis device.

  • INTELLIGENT BYPASS AND SERVICE CHAIN

    INTELLIGENT BYPASS AND SERVICE CHAIN

    NTB checks the statuses of the in-line devices by heartbeats and immediately software or hardware bypasses the device that gets problems.

  • NETFLOW AND APPLICATION LOG

    NETFLOW AND APPLICATION LOG

    NTB generates non-sampling (1:1) Netflow v5/v9/v10 by analyzing the mirror traffic from routers or switches while the port mirror is an easy task. Moreover, NTB can generate metadata for DNS, HTTP, and SSL in syslog format simultaneously.

  • [WEB PORTAL FOR CONTROL AND REPORT

    [WEB PORTAL FOR CONTROL AND REPORT

    Array NTB has the web-based GUI console. Users can easily design the complex filter which is a union (or) or intersection (AND) of several atomic filtering rules. NTB web console also provides some live L3/L4 statistics for network snapshots.

  • SOFTWARE-DEFINED MONITORING

    SOFTWARE-DEFINED MONITORING

    Users can write their own XML-based scripts, that should comply with NTB xUDN schema, to fully control NTB such as aggregation, filtering, load balance, Netflow generation, and retrieving statistics.

  • MONITORING NETWORK VIRTUALIZATION

    MONITORING NETWORK VIRTUALIZATION

    Creating X-Tunnel between two NTB appliances is a solution to transport monitoring traffic through IP network. Thus, an enterprise can easily centralize its network analysis resources in the primary site while collecting traffic from else places.

  • PERIMETER DEFENSE

    PERIMETER DEFENSE

    Array NTB can block or detect malicious connections by importing an enormous amount of IoCs: IP address/Domain/URL. NTB has the APIs, script over SFTP or HTTPS, used to import IoCs.

In the past, blocking IP addresses/domains are blocked by FW or IPS. Now, the mission should be transferred to NTB as a higher ROI approach especially when there is the enormous amount of IoCs.

Deployment Options

  • Hardware

    Hardware

    Dedicated appliances performance from 8 Gbps to 6.4 Tbps throughput. The port density is from 8 x 1 GE to 64 x 100G QSFP.

  • Software

    Software

    From Layer 2 to Layer 7 packet information could be the filter rule. Also, support packet reengineering for the specific purpose which is to support incoming and outgoing packets.

  • Deployment

    Deployment

    It supports out-of-band and inline deployment. Traffic aggregation and load balancing are supported.

Get More Information

Need more information?

Connect with an Array expert today; we look forward to learning more about your unique business and technical requirements.

CONTACT SALES CHAT WITH US