Joint Components
- Cubro’s layer 1 products including optical TAPs and Breakout boxes
- Advanced network packet brokers, Sessionmasters, with high performance features including header modification, packet slicing, session-aware load balancing, etc.
Integrated Solution
- Cubro products forward raw packet data from any part of the network to Reveal(x) ensuring there are no monitoring ‘blind-spots’.
- As a result, the Reveal(x) system has full visibility of all of an organization’s traffic.
Network Detection and Response Security Solution
The ExtraHop Reveal(x) platform ingests raw packet data at up-to 100Gbps performing real time traffic analysis, full-stream reassembly, and parsing 70+ enterprise protocols including TLS 1.3 with Perfect Forward Secrecy (PFS) and encrypted Microsoft Active Directory protocols. The Reveal(x) AI extracts over 5,000 metrics which are used to identify malicious and anomalous traffic, unusual behaviors, and perform signature and rules based matching.
In addition, Reveal(x) automatically discovers and classifies every device on the network. This continuous analysis provides an always-accurate inventory of active devices, identification of rogue and unmanaged entities, and supports auto-classification of critical assets and sensitive databases.
The combination of high-fidelity data and continuously learning AI ensures Reveal(x) provides highly accurate security and performance detections coupled with the rich forensically relevant meta-data that analysts need to rapidly respond to security incidents.
Joint Solution
Packet capture plays a vital role in forensic investigation, incident response, and threat hunting, but it hasn't always translated easily to security use cases in cloud environments. Historically, collecting and analyzing packets in cloud environments was a complex, time consuming, manual process that often involved using multiple tools.
Cubro is a leading manufacturer and global supplier of IT network visibility products for Service Providers and Enterprise networks. Our product range includes Network TAPs and Advanced Network Packet Brokers that ensure Extrahop Reveal(x) receives the right packet data.
Cubro products direct copies of network traffic from any part of the network and pass the copy to Reveal(x) ensuring there are no monitoring ‘blind-spots’. As a result, the Reveal(x) system has full visibility into your organization's network traffic.
Extrahop implementations in corporate data centers typically use a two-stage design. Network packets collected from passive fiber optics taps or forwarded from the SPAN ports of top–of-rack switches, are aggregated and deduplicated to ensure efficient use of network bandwidth while providing ExtraHop Reveal(x) with all relevant data for analysis.
Why Use Cubro TAPs and Packet Brokers with Extrahop Reveal(x)
- Technically elegant solutions that provide the best ‘features to price’ ratio
- Unique, advanced and standard, high performance product capabilities
- Solutions have low cost of entry, are easy to budget for, implement, expand and operate
- Easy to do business with - Cubro commercial and technical flexibility
- World class technical support delivered from a local time zone
- Widely deployed and proven products, technology and support
- Cubro does NOT make or sell NDR solutions to compete with its technology partners
- Cubro does not make or sell TLS 1.3 decryption solutions to compete with its technology partners
Typical Deployment
A typical design is shown below. The Cubro products used in this deployment include:
Layer 1 products: Electrical taps, Optical taps and Breakout Boxes
➔ Single Mode, Multi-Mode, LC, MTP, or BiDi connectors, Up 400G, Various split ratios,
Fully passive and transparent
SessionMaster: Cost effective ASIC-based filtering and aggregation, with industry leading performance
➔ Up to 4000 Filters; Header modification, Packet slicing; VLAN, MPLS, GRE add/remove;
Session aware load balancing; VNI, GTP inner IP filtering.
➔ Unlike competing products, leverages power of custom programmed, P4- compliant
processors for industry – leading performance at low cost.
Omnia: Adding advanced applications
➔ Additional CPU for Deduplication, Data Masking, REGEX Filtering, Netflow Probe, and
other advanced capabilities
