Search Engine Provides Unprecedented Forensic Visibility
Cybertap Recon™ uses patented search engine technology as the repository for all forensic data, including network packets, log files and document archives. Every piece of data is indexed and available for search, which provides a rich environment for “big data” forensic analytics over unstructured data. Because the captured data is comprehensive, no clue is overlooked. Recon forensic data includes addressing, protocol metadata, content, extracted files, file metadata, and any other suspect content embedded within the files. Even in these large data sets, suspect data is found with minimal response times.
Recon’s search engine based approach enables distributed and parallel searches across networked systems, providing extraordinary scalability. Recon appliances can also be deployed in both local and wide area networks, with configurations that scale for both the amount of data and the responsiveness of searches.
Derived Knowledge from Unstructured Data
Extracting intelligence from raw data provides insights, relationships, and visibility that may not be readily apparent. A search engine foundation allows relationships to be extracted from massive amounts of data, which is not possible in conventional database systems that require structured formats. Recon provides multiple tools that build intelligent models from data-in-motion and data-at-rest, including:
- Cytoscape™ for visualization of networks and social relationships
- E-Persona™ for disclosing a threat’s electronic identities and factions
- Semantic Analysis for disclosing messaging themes & sentiment
- Micro Analysis for reconstructing all aspects of a threat within your network
- Web Categorization for classifying websites for content and reputation
- Clean Analysis for extracting macros, scripts, and re-directs from embedded files
Open Architecture Protects Your Investment
The Recon technology is built and deployed in an open environment, allowing customers to independently extend the functionality of the system and to take advantage of commodity hardware and third party software, which protects your investment. Recon can be extended using commonly available hardware as well as Recon’s protocol software development toolkit, the SOLR query language, SQL, or export functions for XML and PDF.
- Runs on any certified Intel 64-bit Linux appliance
- Runs in a virtual machine
- Uses the standard SOLR™ environment as search engine foundation
- Uses the standard SOLR query commands
- Provides an SDK for extending the protocol inspection library
- Exports into XML or PDF formats
- Works with third party Pcap storage technologies
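Because Recon exposes the standard Solr query syntax, searches against the forensic index can be scripted directly. One practical caveat when doing so: forensic search terms are often lifted straight from the evidence (a file name, a URL, a mail subject), and Solr/Lucene query syntax treats characters such as `* ? : ( ) [ ] " \` as operators, so an unescaped term like `*:*` or `foo) OR content:[* TO *]` silently widens the search. The following Python block is an added example, not Cybertap’s or Apache Solr’s own code: it builds Solr request parameters for a forensic search, backslash-escaping free-text terms and validating structured fields (IP addresses, timestamps) against strict formats instead. The field names `content`, `src_ip`, `proto` and `captured_at` are assumed for illustration; the real Recon schema may differ.

```python
"""Build Solr query parameters for a forensic search with untrusted input handled safely.

Added example, not Cybertap Recon's or Apache Solr's code. Field names
(content, src_ip, proto, captured_at) are assumptions for illustration.
"""
import ipaddress
import re
from typing import Dict, List, Optional
from urllib.parse import urlencode

# Characters the Lucene/Solr classic query parser treats as syntax.
# Space is included so that a multi-word term stays one term instead of
# being split into several clauses.
_SOLR_SPECIALS = set('+-&|!(){}[]^"~*?:\\/ ')

# Solr date-math fields expect ISO-8601 UTC; anything else is rejected outright.
_ISO_UTC = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$")


def escape_term(term: str) -> str:
    """Backslash-escape every Solr/Lucene special character in a free-text term.

    Without this, evidence-derived strings such as '*:*' are parsed as query
    syntax and match far more than the analyst intended.
    """
    return "".join("\\" + ch if ch in _SOLR_SPECIALS else ch for ch in term)


def ip_clause(field: str, value: str) -> str:
    """Exact-match clause for an IP field; raises ValueError unless value is an IP literal."""
    ipaddress.ip_address(value)  # allow-list validation instead of escaping
    return f"{field}:{value}"


def time_range_clause(field: str, start: Optional[str], end: Optional[str]) -> str:
    """Range clause on a date field; both bounds must be ISO-8601 UTC or None (open end)."""
    for bound in (start, end):
        if bound is not None and not _ISO_UTC.match(bound):
            raise ValueError(f"timestamp not in ISO-8601 UTC form: {bound!r}")
    return f"{field}:[{start or '*'} TO {end or '*'}]"


def build_query(content_term: str,
                src_ip: Optional[str] = None,
                proto: Optional[str] = None,
                start: Optional[str] = None,
                end: Optional[str] = None,
                rows: int = 50) -> Dict[str, object]:
    """Return Solr request parameters: free text in q, structured constraints in fq.

    Filter queries (fq) are cached by Solr independently of the main query and
    do not influence relevance scoring, which suits exact forensic constraints.
    """
    params: Dict[str, object] = {
        "q": f"content:{escape_term(content_term)}",  # assumed field
        "rows": rows,
        "wt": "json",
    }
    filters: List[str] = []
    if src_ip is not None:
        filters.append(ip_clause("src_ip", src_ip))  # assumed field
    if proto is not None:
        filters.append(f"proto:{escape_term(proto)}")  # assumed field
    if start is not None or end is not None:
        filters.append(time_range_clause("captured_at", start, end))  # assumed field
    if filters:
        params["fq"] = filters
    return params


def encode(params: Dict[str, object]) -> str:
    """URL-encode the parameters; doseq=True emits one fq= pair per filter."""
    return urlencode(params, doseq=True)


if __name__ == "__main__":
    # Constructed sample search: an attachment name seen in the evidence, from one host, over SMTP.
    q = build_query("invoice (final).exe", src_ip="10.0.0.5", proto="smtp",
                    start="2024-03-01T00:00:00Z")
    print(encode(q))
```

For exact matches on single fields, Solr’s `{!term f=field}value` local-parameter syntax avoids query-syntax interpretation of the value altogether and is an alternative to escaping; the allow-list checks above are still worth keeping so that malformed evidence never reaches the index as a query at all.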
