IP Fabrics DeepProbe
About IP Fabrics DeepProbe
The DeepProbe™ is IP Fabrics’ most advanced data retention and intercept system and functions as an intelligent probe under the control of a separate surveillance element such as a mediation system. Designed to be used in distributed data retention and intercept solutions, the DeepProbe is ideal for monitoring large and complex networks.
DeepProbe has the capability to fully inspect every network packet, so the controlling mediation systems don’t need to rely on CMTSs, switches, routers or other probes for filtering and intercept.
DeepProbe products are subject to US export controls and are classified under ECCN 5A002A1. DeepProbe products are authorized for export under provision (b)(1) of License Exception ENC (740.17) as CCATS G136966. DeepProbe can be exported without delay to all counties (excluding Cuba, Iran, North Korea, Sudan and Syria) with No License Required (NLR) (eligible for license exception ENC).
Support for Data Retention, Intercept, and Cyber Security Applications
DeepProbes flexible output modes make it ideal for several important network monitoring and surveillance applications. For example, DeepProbe can be configured to deliver Internet usage events/metadata/IPDR which can be used for data retention solutions. Alternatively, DeepProbe can be configured to deliver a specific target’s full communications session/stream, common in intercept solutions. Finally, DeepProbe can be configured to detect specific network content and deliver pertinent information to SIEM for cyber security/insider threat solutions.
Unique Discovery Model
Target discovery in the DeepProbe is provided via the innovative Surveillance Module ™ architecture. To the user, Surveillance Modules (SMs) are a series of well-defined, secure ASN.1 commands, which are designed for specific surveillance techniques. For example, there are SMs for discovering webmail traffic, user-id login (e.g., radius or DHCP), and VoIP traffic. These are termed ‘application-level’ SMs, since they deal with specific target applications/usages.
Other SMs include those geared towards monitoring more generic flows (conversations) based on specific packet header or content characteristics. These are termed ‘protocol-level’ SMs since these require the user to be somewhat knowledgeable of specific packet header and/or content values. Table 1 provides a summary of the DeepProbe Surveillance Modules.
Once the target is discovered, the DeepProbe offers flexible intercept options, including the ability to deliver the entire data stream a summary and key events, or just IPRDs.. DeepProbe also incorporates sophisticated reconstruction logic to deliver only pertinent information when monitoring complex applications such as webmail and chat/IM, greatly reducing the processing required by the monitoring, data retention, and analytic systems.
1Gbps and 10Gbs Models
DeepProbe comes in two basic models. The first is for monitoring 10/100/1000Mbps networks and is available with four surveillance ports. The second is for monitoring 10Gbps networks and is available with four 10Gbps and six 10/100/1000Mbps surveillance ports. Both models support multiple, dynamically updatable targets and also come with two 10/100/1000Mbps system ports.
High Performance, Scalable Architecture
IP Fabrics’ Surveillance Module™ architecture and underlying patent-pending multi-core virtualization technology give DeepProbe many unique advantages over basic “PC-based” surveillance systems or hard-wired ASIC-based systems. DeepSweep’s internal host processors and multi-core packet inspection accelerators allow it to monitor multiple 1Gbps and 10Gbps Ethernet links at true wire-speed with full layer 2-7 deep packet inspection (DPI) capabilities.
Secure, Reliable Provisioning
The DeepProbe is typically provisioned and managed by a centralized mediation via the system ports using a set of simple, yet powerful commands. Each provisioning command is securely authenticated to prevent use by an unauthorized system. Consistent with other DeepSweep systems, an easy-to-use, secure web-based interface is also included.
Use of the SDxCentral service directory is governed by our Terms of Service, including without limitation those sections under the headings "CONTENT", "LICENSING AND OTHER TERMS APPLYING TO CONTENT POSTED ON THE SDXCENTRAL SITES", "INDEMNITY; DISCLAIMER; LIMITATION OF LIABILITY" AND "COPYRIGHTS". Under no circumstances will SDxCentral be liable in any way for any Content, including, but not limited to, liability for any errors or omissions in any Content or for any loss or damage of any kind incurred as a result of the use of any Content posted, emailed or otherwise transmitted via the Sites.