Agata Solutions, founded in 2008, specializes in high-performance network intelligence and security solutions for various sectors, including government and enterprises. Their technology focuses on real-time and historical analysis of network data, packet capture, and detecting threats like malware and data theft through a dynamic DPI engine capable of handling 20 Gbps traffic. The system supports extensive reporting and data analysis, ensuring full visibility and protection against cyber risks with capabilities like layer 7 load balancing and content filtering.

1. Overview
PART I: Cyber & Our Solution
PART II: Technical Details

2.  Founded in 2008 by 2 R&D directors from Allot Communications
 Extensive experience in networking, infrastructure, intelligence, data aggregation
 Current customers include: government, enterprises and mobile operators
 High-performance solutions for Network Intelligence (URL Filtering, Load Balancing and
Network Analytics for Layer 7)
 Security Solutions for Network Forensics
About Agata

3.  Intellectual Property (IP) is not safe
 Man in the middle attacks by criminals
 Data theft
 Financial theft
 Espionage
 Organization is legally liable
Risks and Threats From Cyber
Focus on malware signatures – won't
find the infected machines

4.  Real-time (and Back-in-time ) analysis of data
 Find threats by:
 Analyzing unknown or suspicious files to uncover malicious behaviors
 Using packet captures (PCAP) to record the unknown traffic
 Utilizing behavioral botnet reports
 Identify unknown mobile users, known exploits, remote users
 Identify unknown geographical (and domain) sources of traffic
 Analyze download history and content
 20 Gbps Continuous packet capture with nanosec time stamping
Agata Forensics Solution
Record – Analyze - Track

5.  Using Agata DPI Probe for 20Gbps traffic
 High speed Layer-7 analysis (Meta data) and storage of data
 Probe Network hierarchy: Passive tapping
 Processing/collecting information based on tens of thousands of filters
 Redirecting filtered traffic to external servers for advanced analysis
 Using the following Agata capabilities:
 Filter/Layer-7 classification engine
 Traffic decapsulation (MPLS, PPoE)
 Up to 50,000 overlapping policy rules
 Rules are defined by conditions and actions
 Integration with advanced storage and analysis systems
 Filtered sessions enriched with DPI results (App ID)
Agata Use Case:
Very Large Traffic Analysis at
Asian Network (mn's of users)

6. DPI Engine
Data Collection
Reports
L7 Load Balancing
URL Filtering
Hardware Configurations
PART II:
Agata Technical Details

7.  Agata’s Network Intelligence is based on an advanced dynamic DPI engine for high speed
networks, data aggregation (big data) and analysis tools.
 Agata’s DPI based probes supports up to 20Gbps per blade.
 The probes are based on Broadcom XLP Multicore processors or Cavium Octeon.
Dynamic DPI engine

8. Topology

9.  Network analytics with sessions statistics, Protocols/Applications metadata extraction.
 The DPI engine identifies more than 1,000 applications and protocols (e.g. Skype,
Facebook, YouTube, Emails, etc.) and detects Non-standard/untrusted traffic and Traffic
headers modification.
 Provides full visibility and ability to find the relevant data with easy to use tools
 Extensive of on-demand/scheduled reports and graphs
 Extraction of network, metadata, subscribers, devices information
 Convert network traffic into content (Web pages, Emails & attachments, Instant Messages, VoIP)
 Keyword searching using regex in collected and indexed data and content
 Alerts and actions
 A centralized dashboard view
Network Analytics

10.  List of unknown encrypted sessions
 List of email attachments that were sent during certain time window
 Report on user’s traffic anomaly (e.g. access from Dev department to finance dep.)
 Report of sessions to unknown external geo-location
 Report on file sharing application usage: Dropbox, Skype, Google drive.
 Report on remote control sessions: SSH, Telnet, RDP, Teamviewer
 Content based reports – list of content containing specific regular expressions
 Event report (identify event anomaly such as change in protocol headers)
Cyber Forensics Reports – examples

11. Collected Information
Network Data Examples
• Unique ID
• Timestamp
• Site
• Subscriber Name/ID
• Statistics
 Session Duration
 Bytes In/Out
 Packets In/Out
 Live Connections
• Networking
 Source/Destination MAC addresses
 Encapsulation
 Protocol Type: IP/TCP/UDP
 Source IP and Port
 Destination IP and Port
 Protocol /Application
 Information from packet header/data

12. Statistics reports and graphs
Per session statistics (Bytes/Packets and Connections) on the network traffic is collected
constantly
An administrator can generate large variety of on-demand scheduled reports and graphs
The report generator interface allows drilling-down from all-network view to single session view
Metadata reports
Applications metadata is collected constantly
The system collects metadata on applications like WhatsApp, HTTP, VoIP, Emails, etc
The metadata is can be exported via csv files or SQL based DB interface.
Reports

13.  Advanced Layer 4 and Layer 7 load balancing
 The filters and classification engine supports up to 50,000 overlapping policy rules and
the rules are defined by conditions and actions
 The supported load balancing algorithms are:
 Round robin
 Weighted round robin
 Least loaded port
 Least connections per port
Layer 7 Load Balancer

14.  An online content filter demands to protect users (mobile and others) at risk
 HTTP/HTTPS support
 URL filtering by category
 File type blocking
 SSL Inspection
 Application Control
 P2P and IM blocking
 Internet applications blocking
 IP and Port blocking
 Provides social Media behaviour reports
URL Filtering

15. Probe – Hardware Option 1
HP Server + Cavium Octeon PCIe card

16. Probe – Hardware Option 2
Broadcom XLP

17. Thank You
Udi Levin
C. +972.544.510670
M. udi.levin@agata-solutions.com