APCON and RSA Security Analytics


Post on 25-Jun-2020


Page 1: APCON and RSA Security Analytics The cornerstone of the RSA Security Analytics capture architecture is the decoder, a highly configurable appliance that enables the real-time collection,

With today’s rapidly evolving threat environment, one of the keys to securing your organization is the ability to see and understand everything that is happening on your network. Real-time visibility and high-powered analytics along with long-term data retention are required to fulfill detection, investigation, analysis, forensic, and compliance needs. The RSA Security Analytics solution makes this a reality with two primary infrastructure elements: the capture infrastructure and the analysis and retention infrastructure. The cornerstone of the RSA Security Analytics capture architecture is the decoder, a highly configurable appliance that enables the real-time collection, filtering, enrichment, and analysis of network packets as well as log data. For network packet analysis, it is essential for the decoder to have complete visibility throughout the network – typically by tapping crucial links and collecting mirrored data from SPAN ports. These data streams may need to be aggregated together, de-duplicated, filtered, and load-balanced to maximize decoder efficiency.

The APCON INTELLAFLEX Series 3000 intelligent network monitoring switch is the solution to enterprise-grade requirements in the data center. With up to 288 non-blocking ports of fully aggregatable INTELLAFLEX 10G Ethernet in a single 8RU chassis, APCON provides both data throughput capacity and chassis port density.

By combining APCON INTELLAFLEX with RSA Security Analytics, you empower network forensic and packet capture devices by providing customized data streams aggregated from multiple points on the production network. Advantages include preventing data loss, collecting more relevant data per packet capture, de-duplication for tool optimization and packet slicing to address compliance concerns.

Solution Brief

APCON and RSA Security Analytics

[Figure 1 diagram. Labels: SPANs & Taps; NetFlow; APCON INTELLAFLEX Network Monitoring Switch (ACI-3288-XR chassis with ACI-3030-E32-7 Packet Aggregator 10 Gbps / 40 Gbps, ACI-3030-E36-6 Packet Aggregator 1/10 Gbps, and ACI-3032-E36-1 Multi Function 1/10 Gbps blades); Groomed Data Streams; Packets, Logs, NetFlow, Endpoint; Capture Time Data Enrichment; RSA LIVE Intelligence (Threat Intelligence | Rules | Parsers | Feeds | Reports | RSA Research); Warehouse; Archiving; Security Operations (Detection, Investigate, Triage, Respond & Report); Visibility, Analysis, Action.]

Figure 1. APCON's network monitoring switch provides visibility and maximizes efficiency of the RSA Security Analytics infrastructure.


Solution Brief – RSA Security Analytics and APCON

RSA Security Analytics Infrastructure

GAIN COMPLETE VISIBILITY – Eliminate blind spots with visibility across logs, networks, and endpoints. Inspect every network, packet session, and log event for threat indicators at the time of collection with Capture Time Data Enrichment.

DETECT AND ANALYZE – Discover attacks missed by traditional SIEM and signature-based tools by correlating network packets, endpoints, and logs. Identify high-risk indicators of compromise by harnessing the power of Big Data and data science techniques.

TAKE TARGETED ACTION – Prioritize investigations and streamline multiple analysis workflows in one tool. Instantly pivot from incidents into deep endpoint and network packet detail to understand the true nature and scope of the issue.

The APCON Solution

The APCON solution enables the aggregation of packets from multiple mission-critical monitoring points. Utilizing APCON’s INTELLAFLEX solution, users can then manipulate, filter and load balance this traffic to the appropriate monitoring tool.

Figure 2. The APCON INTELLAFLEX Series 3000 provides a highly available, fault tolerant and scalable architecture suitable for use in a production data center employing the RSA Security Analytics infrastructure and other network data monitoring applications.

[Figure 2 diagram. Labels: SPAN/Mirror Port inputs marked WAN, DMZ, Core, E-Commerce, Extranet / Partner, Distribution, and Data Center (SPAN or TAP); INTELLAFLEX ACI-3144-XR chassis with ACI-3030-E36-6 Packet Aggregator 1/10 Gbps and ACI-3032-E36-1 Multi Function 1/10 Gbps blades; Latency Measuring; Troubleshooting; Security; Customer Experience; Network Management.]


Enterprise-grade data center monitoring switches must have the ability to bond several disparate data streams from external-facing, DMZ, and internal switches, and route all this data to the RSA Security Analytics decoders, as well as other network data monitoring tools. Key features provided by the APCON switch include:

» Packet Aggregation – merge many data input sources

» Multicast the merged stream to multiple output ports

» Apply egress filters to customize each data stream

» Reduce packet size with packet slicing

» Remove duplicate copies of packets

Solution: APCON and RSA Security Analytics

APCON’s enterprise-grade intelligent network monitoring switch solution is certified for use with the RSA Security Analytics infrastructure, and provides the port density, overall port count and throughput capacity, and high availability to handle the volume of data generated in a modern data center.

APCON also provides the ability to eliminate duplicate packets, slice packets at the header, and filter packets on any criteria. This allows network engineers to bring together data inputs from any point on the network, aggregate and manipulate the data at the packet level, and then direct those data flows to the RSA Security Analytics decoders for analysis.

About APCON

APCON develops scalable network switching solutions for enterprise data centers worldwide. APCON intelligent network monitoring switches and taps provide complete network visibility, improve network security and optimize monitoring tool efficiency. APCON’s filtering and aggregation technology and multi-switch management software minimize network downtime and maximize monitoring tool investments. Learn more about APCON at www.apcon.com.

APCON, Inc.
9255 SW Pioneer Court
Wilsonville, Oregon 97070 USA
Tel: 503–682–4050
www.apcon.com

© 2014 APCON, Inc. All rights reserved. Resources: RSA Security Analytics https://www.emc.com/security/security-analytics/security-analytics.htm

14074-R2-1114