Agata provides high speed cyber solutions including a full featured Forensics suite with Meta Data and tens of thousands of dynamic policy rules, Layer-7 Intelligence, Network Analytics, filtered sessions and traffic recording. Backed by 20 years of specialized research and development of traffic management and security solutions for top tier customers, Agata is able to provide best in class high-end technological products. Agata appliances allow enterprises to secure networks using state of the art cyber solutions. Agata DPI empowers the user to find, record, analyze and track security events and vulnerabilities including Zero-Day exploits. The overview presentation includes a use case and a description of the different applications for Agata DPI.

1. Overview
PART I: Cyber & Our Solution
PART II: Technical Details

2.  Founded in 2008 by 2 R&D directors from Allot Communications
 Extensive experience in networking, infrastructure, intelligence, data aggregation
 Current customers include: government, enterprises and mobile operators
 High-performance solutions for Network Intelligence (URL Filtering, Load Balancing and
Network Analytics for Layer 7)
 Security Solutions for Network Forensics
About Agata

3.  Intellectual Property (IP) is not safe
 Man in the middle attacks by criminals
 Data theft
 Financial theft
 Espionage
 Organization is legally liable
Risks and Threats From Cyber
Focus on malware signatures – won't
find the infected machines

4.  Real-time (and Back-in-time ) analysis of data
 Find threats by:
 Analyzing unknown or suspicious files to uncover malicious behaviors
 Using packet captures (PCAP) to record the unknown traffic
 Utilizing behavioral botnet reports
 Identify unknown mobile users, known exploits, remote users
 Identify unknown geographical (and domain) sources of traffic
 Analyze download history and content
 20 Gbps Continuous packet capture with nanosec time stamping
Agata Forensics Solution
Record – Analyze - Track

5.  Using Agata DPI Probe for 20Gbps traffic
 High speed Layer-7 analysis (Meta data) and storage of data
 Probe Network hierarchy: Passive tapping
 Processing/collecting information based on tens of thousands of filters
 Redirecting filtered traffic to external servers for advanced analysis
 Using the following Agata capabilities:
 Filter/Layer-7 classification engine
 Traffic decapsulation (MPLS, PPoE)
 Up to 50,000 overlapping policy rules
 Rules are defined by conditions and actions
 Integration with advanced storage and analysis systems
 Filtered sessions enriched with DPI results (App ID)
Agata Use Case:
Very Large Traffic Analysis at
Asian Network (mn's of users)

6. DPI Engine
Data Collection
Reports
L7 Load Balancing
URL Filtering
Hardware Configurations
PART II:
Agata Technical Details

7.  Agata’s Network Intelligence is based on an advanced dynamic DPI engine for high speed
networks, data aggregation (big data) and analysis tools.
 Agata’s DPI based probes supports up to 20Gbps per blade.
 The probes are based on Broadcom XLP Multicore processors or Cavium Octeon.
Dynamic DPI engine

8. Topology

9.  Network analytics with sessions statistics, Protocols/Applications metadata extraction.
 The DPI engine identifies more than 1,000 applications and protocols (e.g. Skype,
Facebook, YouTube, Emails, etc.) and detects Non-standard/untrusted traffic and Traffic
headers modification.
 Provides full visibility and ability to find the relevant data with easy to use tools
 Extensive of on-demand/scheduled reports and graphs
 Extraction of network, metadata, subscribers, devices information
 Convert network traffic into content (Web pages, Emails & attachments, Instant Messages, VoIP)
 Keyword searching using regex in collected and indexed data and content
 Alerts and actions
 A centralized dashboard view
Network Analytics

10.  List of unknown encrypted sessions
 List of email attachments that were sent during certain time window
 Report on user’s traffic anomaly (e.g. access from Dev department to finance dep.)
 Report of sessions to unknown external geo-location
 Report on file sharing application usage: Dropbox, Skype, Google drive.
 Report on remote control sessions: SSH, Telnet, RDP, Teamviewer
 Content based reports – list of content containing specific regular expressions
 Event report (identify event anomaly such as change in protocol headers)
Cyber Forensics Reports – examples

11. Collected Information
Network Data Examples
• Unique ID
• Timestamp
• Site
• Subscriber Name/ID
• Statistics
 Session Duration
 Bytes In/Out
 Packets In/Out
 Live Connections
• Networking
 Source/Destination MAC addresses
 Encapsulation
 Protocol Type: IP/TCP/UDP
 Source IP and Port
 Destination IP and Port
 Protocol /Application
 Information from packet header/data

12. Statistics reports and graphs
Per session statistics (Bytes/Packets and Connections) on the network traffic is collected
constantly
An administrator can generate large variety of on-demand scheduled reports and graphs
The report generator interface allows drilling-down from all-network view to single session view
Metadata reports
Applications metadata is collected constantly
The system collects metadata on applications like WhatsApp, HTTP, VoIP, Emails, etc
The metadata is can be exported via csv files or SQL based DB interface.
Reports

13.  Advanced Layer 4 and Layer 7 load balancing
 The filters and classification engine supports up to 50,000 overlapping policy rules and
the rules are defined by conditions and actions
 The supported load balancing algorithms are:
 Round robin
 Weighted round robin
 Least loaded port
 Least connections per port
Layer 7 Load Balancer

14.  An online content filter demands to protect users (mobile and others) at risk
 HTTP/HTTPS support
 URL filtering by category
 File type blocking
 SSL Inspection
 Application Control
 P2P and IM blocking
 Internet applications blocking
 IP and Port blocking
 Provides social Media behaviour reports
URL Filtering

15. Probe – Hardware Option 1
HP Server + Cavium Octeon PCIe card

16. Probe – Hardware Option 2
Broadcom XLP

17. Thank You
Udi Levin
C. +972.544.510670
M. udi.levin@agata-solutions.com