trapwall

Overview

Ensure reliability as a basis for analyzing network infringement of major organizations, and functional verification for analysis.

Automated analysis of extensive threat resources and suspected malicious resources

Features

Trapwall is an all-in-one solution for network intrusion detection, forensics and anomaly analysis.

Intrusion Detection and Network Forensic

High performance traffic extraction

  • Extracts up to 100 files per second (based on a 1 MB file size) while ensuring integrity
  • Supports detection and extraction of file transfer history based on 110 protocols such as HTTP, SMTP, and FTP

PCAP collection

  • Lossless traffic acquisition and storage based on high-performance capture
  • Supports long-term and separate archiving of suspicious traffic

ThreatFlow

  • Generates ThreatFlow optimized for threat assessment, based on L2 ~ L7 analysis, threat detection, and file extraction information
  • High-speed search and threat analysis using the ThreatFlow field-based Display Filter

Flexible expansion / optimization

  • Supports a flexible sharing system for information linkage and linkage analysis (Syslog, RESTful, DB Direct)
  • Provides quick technical support and customization for the existing operating system

What Trapwall Can and Cannot Do

Can

  • Precise analysis of new threats based on file extraction and forensics (transferable)
  • Pattern-based detection and detailed per-session threat information via ThreatFlow
  • Analysis of service access logs based on the Advanced Log Generator
  • Analysis and reporting on anomaly signs and behaviors
  • Establishes a preliminary identification and response strategy for infringement trial groups

Cannot

  • No blocking function against infringement
  • Not related to attack blocking or blocking functions
  • Distinct from security equipment such as DLP for information leak prevention
  • Long-term traffic archiving requires custom support
  • Visibility into encrypted traffic requires customized support when needed

What are the main features of Trapwall

All-in-One solution for network intrusion detection, forensics and anomaly analysis

  • Delivered the attack management solution (Trapwall) as a network forensic expert
  • Interfaces can be added to the solution on top of the supported protocols (HTTPS, FTPS, NFS, SCP Channel)
  • Optimization function (NFS, SCP Channel) for transmitting collected PCAP, in addition to attack information, to the manager (negotiable)

Network-based intrusion detection, forensic and anomaly detection

  • Active threat analysis that collects and analyzes Layer 2 ~ 7 information such as sessions, protocols, and transfer files from traffic
  • Provides features for ThreatFlow-based rapid threat analysis and detailed PCAP/file-based traffic analysis
  • Supports NIDS-based detection policy, ThreatFlow-based statistics, and traffic trend and APT attack detection through anomaly analysis

ThreatFlow: A practical and effective advancement of NetFlow

  • Generate data structures using DPI analysis information to determine actual behavior at the application layer
  • Provides a complete network analysis environment for L2 ~ L7, including L7 analysis, NIDS, file extraction and threat information
  • Provides network threat analysis based on NIDS, threat detection information and fast search function

Provides a Display Filter-based search UI that takes ThreatFlow field-specific characteristics into account

  • Provides network threat analysis based on NIDS, threat detection information and fast search function
  • Provides match, mismatch, inequality and subnet searches suited to the various ThreatFlow field types, such as integer and string
  • Provides combinational search of multiple fields using AND, OR, and parentheses