
OPSEC Partners

cPacket Networks

Product Version Certified: cVu 1000
Certified for use with: VPN-1 UTM and VPN-1 Power

Product Description: cPacket Networks’ cVu 1000 is an appliance for "active network traffic inspection and response". It inspects every bit in every packet to provide granular visibility and control of network traffic. cPacket’s unique custom ASIC enables full gigabit line rate inspection regardless of packet count and size mix. The appliances support actions such as counting, dropping, duplicating, and rate limiting of specific traffic profiles based on any combination of bits and patterns in the packet header and payload.

Each cVu 1000 is installed as a transparent "bump in the wire" and requires no changes to existing addressing schemes (appliances can also be attached to passive taps or mirror ports of switches). Multiple devices can be distributed in the network at strategic locations and managed from a central command center. The information from multiple cVu appliances is aggregated by a management server that provides graphical visualization of both live and historical reports over a standard browser interface. Detailed information at fine resolution (one second) includes bandwidth utilization, application traffic profiles, top talkers, top bandwidth consumers, and TCP and UDP top conversations.

In addition to visualization and reporting, the cVu system can be used for identifying and responding to network and security problems. A simple GUI enables users to activate or create custom rules as needed. Users can set triggers for situations that require intervention – anomalous network behavior, unbalanced request-replies (e.g. DHCP, ARP, DNS), attempts to communicate with "dark IPs", application error messages over the network, excessive failed login attempts, applications hidden under non-standard ports, passwords in the clear, and other signs of compromised or misconfigured networks. The trigger events are OPSEC compliant and support easy integration to Check Point’s management and logging infrastructure.

 

 
Company Description: cPacket Networks delivers special-purpose hardware and software solutions for active network traffic inspection and response. cPacket’s devices are installed in a variety of enterprise customer networks in the financial and legal sectors, universities, and an animation studio. cPacket technology is based on its unique custom ASIC and proprietary hardware and software architecture.

Successful network operations rely on the ability of network and application administrators to see the network behavior, to understand where the issues are, and to respond by taking corrective actions. cPacket’s solution enables network and application managers to visualize the network’s behavior, understand where the problems are and respond to them effectively.

Founded in 2003 and headquartered in Mountain View, CA, the company is privately held. cPacket’s team has broad practical industry experience in networking, system architecture and VLSI design, coupled with a strong academic background in algorithms.

 
Key Features and Benefits

Internal threats to an organization’s network pose different challenges than external threats from outside the network perimeter. Perimeter defenses do not address infection vectors that are created by the organization’s own users, intentionally or unintentionally. In addition, speeds in the LAN are higher than at the perimeter gateway by orders of magnitude, and the internal LAN traffic is more heterogeneous and varied. Therefore, solutions that were designed to defend the perimeter of the network cannot address all internal threats. Effective response to internal security threats relies on identifying “bad” network behaviors and events in a timely manner and being able to take swift corrective action to eliminate them.

cPacket’s cVu 1000 is designed for simple distributed deployment of visibility and enforcement control points inside the LAN. It provides a layer of security that complements perimeter (firewall) and host (anti-virus) defenses.

Features:

  • Transparent Drop-in Deployment
  • Distributed Deployment with Centralized Control
  • Packet Inspection On The Fly at Line Rate
  • Granular Behavior Analysis and Event Resolution
  • Interactive Drilldown
  • Direct Action with Surgical Precision
  • Flexible Triggers and Event Generation
  • Detailed Live and Historical Reports

OPSEC Integration

Monitoring and control of the internal network is an important layer of an effective network security strategy. The cVu 1000 appliances deliver visibility and control for internal network traffic. They monitor network traffic for behavioral anomalies and for specific signatures. A flexible and customizable trigger mechanism alerts users about issues by sending detailed messages to event managers (e.g. FireWall-1) or correlation engines (e.g. Eventia). In addition, the cVu 1000 appliances enable users to take immediate corrective action by dropping, rate limiting, or duplicating specific traffic profiles without affecting other traffic.

The cVu 1000 event generation engine integrates with Check Point products or other OPSEC compliant systems via the ELA event logging interface.

 
Additional Information

Detecting Problems and Taking Action Inside the LAN [PDF]