Brief description of features


Microolap EtherSensor is a high-performance real-time network event and message extraction platform with the following features:

Recognition of a large number of Internet services known to Microolap EtherSensor (several thousand).

High performance: streamed processing over 20GBps+ links.

Message, event and metadata delivery to any SOC subsystems (DLP, SIEM, eDiscovery, etc.).

Prolonged continuous unattended operation.

Runs on off-the-shelf equipment with a low footprint.

Microolap EtherSensor consists of several Windows services which interoperate to intercept and analyze application-level messages and metadata (normally messages exchanged by network users). The resulting messages, message metadata or data extracted from them are delivered to consumer systems.

The key feature and fundamental operating principle of Microolap EtherSensor is that it does not participate in traffic delivery in the monitored network, so network reliability is independent of the service. At the same time, Microolap EtherSensor ensures full control over traffic in networks of up to 20GBps by detecting messages from several thousand Internet services.

Traffic filtering methods at each level (either IP packets or reconstructed application-level objects) ensure minimum resource consumption with the desired level of control over network communications.

Expandability enables Microolap EtherSensor both to accept data from external sources (SPAN/TAP traffic, ICAP clients, Lotus Notes transaction log, PCAP files) and to deliver reconstructed messages to external consumer systems.

Independence of Microolap EtherSensor services from the logging service (the EtherSensor Watcher service can be used to configure complex "logging level/logging direction" combinations for each message data type without impairing performance).

The features of Microolap EtherSensor are described below, grouped by functional units.

Webmail (WM)

Processes traffic to extract outgoing messages from the following webmail services: Mail.RU, Yandex.RU, Pochta.RU, GMail, etc. (over 40 domains), as well as all services based on the SquirrelMail core. To process messages sent over an encrypted channel (HTTPS protocol) you will also need an ICAP server or SSLSplitter.

Social networks (SN)

Extracts various types of data (authentication credentials, text messages, comments, etc.) from the traffic of the following services:

Social networks, including Vk.com, Facebook, LinkedIn and Mamba.ru.

phpbb-, ipb-, vbulletin- and mybb-based forums.

SMS/MMS messaging services (over 500 domains).

To process messages sent over an encrypted channel (HTTPS protocol) you will also need an ICAP server or SSLSplitter.

Email (EM)

Processes traffic to extract email messages sent over SMTP and POP3 protocols.

ICAP server (IS)

Can be used to extract messages from HTTP and FTP traffic delivered over the ICAP protocol by external systems, such as SQUID, Blue Coat Proxy SG, Cisco WSA, Webwasher, Websense, McAfee Web Gateway, FortiGate, Entensys UserGate, etc.

Instant messages (IM)

Processes traffic to extract messages sent and received via instant messaging services over such protocols as Skype, XMPP/Jabber, IRC, MSN, Yahoo and OSCAR.

Lotus Notes (LN)

Processes traffic to extract Lotus Notes events, including messages, calendar events, etc. For encrypted traffic, messages are extracted from the Lotus Notes Transaction Log. These methods do not affect the operation of Lotus Notes.

File transfer (FT)

Processes traffic to extract files transmitted over the SMB, HTTP, FTP and WebDAV protocols. To process messages sent over an encrypted channel (HTTPS protocol) you will also need an ICAP server or SSLSplitter.

Curriculum vitae (CV)

Processes traffic to extract events (registration, authentication, replies to job posts, updates to CVs) from job seeking sites, e.g. HH.ru, SuperJob.ru, Job.ru, etc. (over 150 domains). To process messages sent over an encrypted channel (HTTPS protocol) you will also need an ICAP server or SSLSplitter.

EtherSensor Agent (AG)

EtherSensor Agent is installed on workstations where a full endpoint DLP solution cannot be installed for some reason.

It is used to map TCP connections created by local processes at workstations to user names and host names in a corporate environment with NAT, terminal servers, etc.

Additionally, EtherSensor Agent can be used to track changes (equipment, processes, etc.) on a workstation and to transmit that data to Microolap EtherSensor and EtherStat servers.
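The following is an added example that illustrates the connection-to-user mapping described above on a single Windows workstation; it is not EtherSensor Agent's code and does not reproduce how the agent reports to EtherSensor or EtherStat servers. It assumes the NetTCPIP module (Get-NetTCPConnection, Windows 8 / Server 2012 and later) and the Win32_Process CIM class are available; the function name Get-ConnectionOwnerMap and the output fields are this example's own choices.

```powershell
# Added example (not EtherSensor Agent code): resolve each local TCP connection to the
# process that owns it and the user account that process runs under. A network sensor
# behind NAT or in front of a terminal server sees only one shared IP address, so this
# endpoint-side lookup is what restores the "which user sent this" information.

function Get-ConnectionOwnerMap {
    [CmdletBinding()]
    param(
        # Connection states to report; the default covers active sessions only.
        [string[]]$State = @('Established')
    )

    $hostName = $env:COMPUTERNAME

    # Cache process/user lookups so several connections from one PID are resolved once.
    $ownerCache = @{}

    Get-NetTCPConnection -State $State -ErrorAction SilentlyContinue | ForEach-Object {
        $connection = $_
        $processId  = $connection.OwningProcess

        if (-not $ownerCache.ContainsKey($processId)) {
            $proc = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $processId" -ErrorAction SilentlyContinue
            $user = $null
            if ($proc) {
                # GetOwner returns the Domain\User of the process token. It fails (non-zero
                # ReturnValue) for protected system processes when the shell is not elevated,
                # so the result is checked rather than assumed.
                $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner -ErrorAction SilentlyContinue
                if ($owner -and $owner.ReturnValue -eq 0) {
                    $user = '{0}\{1}' -f $owner.Domain, $owner.User
                }
            }
            $ownerCache[$processId] = [pscustomobject]@{
                # A process may have exited between the socket table read and the CIM query.
                ProcessName = if ($proc) { $proc.Name } else { '<exited>' }
                User        = if ($user) { $user } else { '<unknown>' }
            }
        }

        [pscustomobject]@{
            Host          = $hostName
            LocalAddress  = $connection.LocalAddress
            LocalPort     = $connection.LocalPort
            RemoteAddress = $connection.RemoteAddress
            RemotePort    = $connection.RemotePort
            State         = $connection.State
            ProcessId     = $processId
            ProcessName   = $ownerCache[$processId].ProcessName
            User          = $ownerCache[$processId].User
        }
    }
}

# Usage: list the current connections with their owning process and user.
Get-ConnectionOwnerMap | Sort-Object User, ProcessName | Format-Table -AutoSize
```

Run it in an elevated session to resolve owners for services and other users' processes on a terminal server; without elevation the user column falls back to <unknown> for processes the caller cannot open. The Host field is what lets a collector correlate these rows with connections it observed on the wire by (host, local address, local port) rather than by IP address alone.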