There is a growing need for network administrators to be able to report on traffic traversing all sites. This requires collecting information from every router and switch and recording every conversation, both large and small. CySight does all of this, now using DigiToll’s patented methods of collection, aggregation, and storage of NetFlow data.
This method is advantageous for the following reasons:
- Speed – requires minimal computing
- Size – requires minimal data-storage
- Granularity – requires minimal data storage, and access to granular data is fast
- Privacy – the ability to separate data collection from the user information
CySight offers customers an access management solution that enables corporations to efficiently and accurately track, trace, monitor, alert, and manage traffic traveling inside their network and outside to the Internet.
CySight is the only flow analysis proven in Telco environments for full compliance retention and has proven to scale to production environments of 1.3 million users and a data center with more than 240 Tb of data throughput. For long-term analysis of your Telco environment, the patented DigiToll collection process provides a complete chart of accounts and accountability of every byte.
CySight is comprised of:
- Base Collection, Clustering, and Hierarchy: High-compliance network traffic transaction logging that captures huge flows from network cores or from hundreds of distinct devices, with forensic analysis tools to perform data mining on any aspect of flow data, from simple performance analytics to complex cyber-security profiling. Architectural deployment options include clustering to offload processing and hierarchical analytics of data residing on multiple remote CySight data warehouse instances to enable a single pane of glass.
- Threat Intelligence: An advanced threat intelligence engine that correlates global threat knowledge to identify and detail, in real time, communications with nefarious end-points that are known to be risky, such as VPNs, Tor, botnets, illicit P2P traffic, and ransomware.
- Anomaly Detection and Automated Diagnostics: A comprehensive intrusion detection system (IDS) comprised of machine learning, detection, and diagnostic engines that work together to find threshold breaches and network behavior anomalies, with automated problem-solving processes to pinpoint and qualify the reason(s) for an anomaly.
- Application Mapping, Correlation and Flexible Flow Templates: Granular retention of flow data from multiple vendors and flow information. Routers, Switches, Firewalls, Taps, Packet Brokers, VMware, WiFi, Proxies, Metro-Ethernet, and others leverage NetFlow, sFlow, and IPFIX to provide extended metadata that can only be derived from the raw packet. The CySight correlation engine also makes sense of Applications, MAC Addresses, QoS, MPLS, URLs, DNS, ICMP, BGP, Latency, Drops, and many other helpful data analytics that can speed up mean time to detection.
- Internet Protocol Address Management (IPAM) / Billing: An extended IPAM tool is provided for location tagging for network billing aggregation. The IPAM supports multi-tenancy allowing location tagging even when the same IP Address ranges are used on multiple interfaces and devices.
- IPAM provides a means of planning, tracking, and helping to manage the Internet Protocol address space used in a network. IPAM tools are increasingly important as new IPv6 networks are deployed with larger address pools, different subnetting techniques, and more complex 128-bit hexadecimal numbers that are not as easily human-readable as IPv4 addresses.
As a result, CySight substantially reduces the time and costs of managing, maintaining, and troubleshooting a network.
CySight scales and supports SME, large, and Telco environments with device-based licensing so that you do not have to pay for any more than your network requires.