SentryWire is the Next Generation Packet Capture Tool and Network Security Platform that is based on a unique capture and storage architecture which breaks the performance, scalability and expense barriers of existing frameworks. The system supports capture rates from 1Mbps to 100Gbps, while providing real-time filtering and allowing retention of network traffic for weeks, months and even years at price points that can be as little as 20% of the cost of other systems.
SentryWire Packet Capture Tool
Imagine a Hadoop-like architecture that is engineered to scale out compute and storage to provide the fastest search in the industry, even in packet stores of 100 PB. The SentryWire system combines high-speed packet recording with real-time analytics, visualization, and BPF-syntax filters. The system detects intrusions, minimizes the damage caused by breaches and enables complete packet-level analysis of any incident.
The SentryWire Packet Capture Platform allows an extended timeline of traffic to be recorded and analyzed at commodity prices using new or existing analytics. Why is it important to have an extended timeline of packet traffic stored? Because we know it takes, on average, 147 days to detect certain state-sponsored intruders in a network, and without a high-fidelity recording of the network traffic enterprises cannot make a definitive determination of when intruders got in, how they got in or exactly what data was exfiltrated.
Key capabilities: Full Packet Capture, Fast Search, Extended Timeline, Capture Speed, Intrusion Detection, Visualization & Analytics
Full Network Packet Capture

Line rates from 1Mbps to 100Gbps, lossless and continuous capture. This isn't just packet inspection and retention of the metadata from that inspection: we capture and store all the network IP packets so they can be filtered against known signatures and also be continuously inspected and analyzed for signatures that materialized after the traffic was filtered, collected and stored. We know that, on average, perpetrators are in the network for 147 days before being discovered, so it's critically important to have an extended timeline of packets available for analysis.

Fast Search

Because of our architecture, search scales along with compute and storage, meaning that each search runs over a smaller data store and results come back dramatically faster. Searches often produce a very large PCAP file, which we tranche down into digestible chunks so that search results are streamed almost immediately and don't bog down the network. Our search is incredibly fast!

Extended Packet Capture Timeline

Forensics for incident response and post-breach activities. Even with the best enterprise security tools deployed in multiple layers and depth, organizations that are breached find they need to reach back more than 147 days from the discovery of the breach to get to the root of the problem and determine which data were accessed and exfiltrated. For non-security use cases, root-cause analysis of an unscheduled outage often requires a similar timeline of high-fidelity data to be accessible.

Capture Speed

We guarantee the best lossless capture performance on the market. Our capture rates, as well as the rates at which we move packets around inside the appliance and between cluster nodes, have been architected and engineered to capture continuously, even under the burstiest traffic. We can scale to the fastest current market bandwidths (100Gbps), and our architecture will continue to grow with network bandwidth capabilities.

Intrusion Detection

We include the open-source, Snort-centric Security Onion as our IDS, leveraging the rich intrusion visualization capabilities of this suite and instrumenting our filtered data flows so that the various Security Onion components receive the best data feeds for their intended purposes. We also provide connections to the industry's leading IDS platforms.


Visualization

With SentryWire's Application Node and our RESTful API you can integrate with the world's leading commercial, open-source and custom visualization platforms, including 3D interfaces that allow security engineers to isolate anomalous activity. SentryWire's integration with existing tools gives log correlation and aggregation visualization solutions fast and seamless access to metadata logs.
 

Analytics

Pre-analytics and real-time filtering, with a RESTful API allowing integration with existing analytic tools and platforms. We've learned that with big data you can't just point analytic tools at large data sets and expect deep insights to spring out. SentryWire uses BPF syntax and primitives to filter large amounts of data down to a very manageable size so that customers can run additional tools, such as ELSA, Splunk, ArcSight and others, to uncover deeper insights regarding potential threats.
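The Full Network Packet Capture and Analytics sections above both describe the same workflow: retain whole packets, then use BPF-style primitives (host, port, protocol) to reduce a large capture to a manageable subset before handing it to other tools. The script below is an added example written for this page and is not SentryWire code or its API; it builds a small constructed pcap in memory (Ethernet/IPv4/TCP or UDP frames with sample RFC 5737 addresses), parses the headers back out, applies predicates modelled on BPF primitives, and writes the reduced capture in the same pcap format. The `host`, `port`, `proto`, `and_` and `not_` helpers are illustrative stand-ins for BPF expressions such as `tcp and port 443`, not a BPF compiler.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4       # classic little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
TCP, UDP = 6, 17


def ipv4_header(src, dst, proto, payload_len):
    # Version 4, IHL 5 (no options), TTL 64; checksum left zero in this constructed sample
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def build_frame(src, dst, proto, sport, dport, payload=b""):
    """Construct an Ethernet II frame carrying IPv4 + TCP or UDP (sample data, not captured)."""
    if proto == TCP:
        # seq/ack 0, data offset 5 words, flags PSH|ACK, window 65535, checksum 0, urgent 0
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    elif proto == UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:
        raise ValueError("only TCP and UDP frames are constructed here")
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ipv4_header(src, dst, proto, len(l4) + len(payload)) + l4 + payload


def build_pcap(frames):
    """Serialize frames into a pcap file image (global header + one record per frame)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        # ts_sec, ts_usec, incl_len, orig_len; timestamps are constructed placeholders
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def iter_pcap(data):
    """Yield (record header tuple, frame bytes) for each record in a pcap image."""
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic")
    off = 24
    while off + 16 <= len(data):
        hdr = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield hdr, data[off:off + hdr[2]]
        off += hdr[2]


def parse_frame(frame):
    """Extract the 5-tuple fields that BPF primitives test; None for non-IPv4 frames."""
    if frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    l4 = frame[14 + ihl:]
    fields = {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
              "proto": frame[23], "sport": None, "dport": None}
    if fields["proto"] in (TCP, UDP) and len(l4) >= 4:
        fields["sport"], fields["dport"] = struct.unpack("!HH", l4[:4])
    return fields


# Predicates modelled on BPF primitives: `host X`, `port N`, `ip proto N`, `and`, `not`
def host(addr):
    return lambda p: addr in (p["src"], p["dst"])


def port(n):
    return lambda p: n in (p["sport"], p["dport"])


def proto(n):
    return lambda p: p["proto"] == n


def and_(*preds):
    return lambda p: all(f(p) for f in preds)


def not_(pred):
    return lambda p: not pred(p)


def filter_pcap(data, predicate):
    """Return (reduced pcap bytes, records seen, records kept) for a predicate."""
    kept = [frame for _, frame in iter_pcap(data)
            if (f := parse_frame(frame)) is not None and predicate(f)]
    seen = sum(1 for _ in iter_pcap(data))
    return build_pcap(kept), seen, len(kept)


def sample_capture():
    """Four constructed frames standing in for a retained full-packet capture."""
    return build_pcap([
        build_frame("10.0.0.5", "203.0.113.9", TCP, 51000, 443),
        build_frame("10.0.0.6", "203.0.113.9", TCP, 51001, 443),
        build_frame("10.0.0.5", "198.51.100.2", UDP, 5353, 53, b"dns"),
        build_frame("10.0.0.7", "203.0.113.9", TCP, 51002, 80),
    ])


if __name__ == "__main__":
    cap = sample_capture()
    reduced, seen, kept = filter_pcap(cap, and_(proto(TCP), port(443)))   # "tcp and port 443"
    print(f"tcp and port 443: kept {kept} of {seen} records, {len(reduced)} bytes")
    reduced, seen, kept = filter_pcap(cap, and_(host("10.0.0.5"), not_(port(443))))
    print(f"host 10.0.0.5 and not port 443: kept {kept} of {seen} records")
```

The reduced output is itself a valid pcap, so it can be fed straight into an IDS or analytics tool; the record counts before and after a filter are the number a practitioner would log to show how much a given expression narrowed the retained data.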