Application

Microolap EtherSensor is used to analyze network traffic at OSI layers 2 through 7 (L2-L7) and to extract the content and metadata of messages, together with message-related events.

The Microolap EtherSensor platform was developed based on the following requirements:

Adaptability to a consumer system:
Microolap EtherSensor must be able to transmit both the data and the metadata of a discovered object to any consumer system, in any required format and over a transport that system recognizes. The type and purpose of the consumer system do not matter: it may be a SIEM, DLP, eDiscovery, UEBA or Enterprise Search system, a file system, a user system, etc.

Concurrent interaction with multiple sources and consumers:
There must not be a limit to the number of consumer systems with which Microolap EtherSensor is capable of communicating simultaneously.
Similarly, there must not be a limit to the number of data sources with which Microolap EtherSensor is capable of communicating simultaneously.

Total control:
Microolap EtherSensor must detect any application-level object transmitted over the network, regardless of its type. The results of processing such objects are to be forwarded to the appropriate specialized consumer systems.

Real time:
Microolap EtherSensor must operate in real time over the fastest enterprise data links available. The current version of Microolap EtherSensor readily supports processing of data streams in 20GBps networks using off-the-shelf equipment.

Separability:
Microolap EtherSensor must be deployable "out of the box" and must not require constant attention from either the developer or the customer. Ideally, it is a completely unattended element of the data infrastructure.

Microolap EtherSensor is commonly used for the following tasks:

Message archiving systems (compliance archiving):
Extracting documents and other objects from email, messengers, social media, blogs, forums and other popular communication environments.

Examples of consumers:

Bloomberg Vault

Global Relay

Google Vault

IBM Content Collector

Mailarchiva

Smarsh

Somansa Mail-i

Veritas eDiscovery Platform (formerly Clearwell)

Veritas Enterprise Vault

SIEM systems, UEBA, log analyzers:
Extracting application-level object metadata and object-related events from traffic (including real-time extraction from object content) for recording in SIEM systems.

Examples of consumers:

AlienVault

ArcSight Enterprise Security Manager (ESM) (formerly HP ArcSight)

Elastic Stack (formerly ELK Stack: Elasticsearch, Logstash, Kibana)

EventTracker

FortiSIEM (formerly AccelOps)

Graylog

IBM QRadar

LogRhythm

ManageEngine EventLog Analyzer

McAfee Enterprise Security Manager (ESM)

Micro Focus Sentinel (formerly NetIQ)

RuSIEM

SolarWinds Log & Event Management (LEM)

Splunk

SQLstream

Trustwave SIEM

Any software that can accept data over SYSLOG, NETFLOW, or another TCP/UDP protocol.

Preventing leaks of confidential data (DLP systems):
Extracting application-level message content (OSI layer 7) from the traffic of external and internal communication services and forwarding it to a consumer system: a DLP system, an email archiving system, a document-processing system, a local search system, or any other system with document archiving functions.

Examples of consumers:

DeviceLock DLP

Forcepoint DLP

Proofpoint Email DLP

Symantec DLP

Trustwave DLP

Falcongaze SecureTower

InfoWatch Traffic Monitor